
Intel hid CPU bugs info from govt 'until public disclosure' - mediawatch
https://www.itwire.com/security/81867-intel-hid-cpu-bugs-info-from-govt-until-public-disclosure-report.html
======
aurizon
Who knows if it had been found by a black hat and had been exploited? If a BH
had found it, they would certainly try to figure out a way to make one or more
viable exploits from it. A national government (CIA, Israel etc) would say
nothing and quietly proceed with exploitation - as would most other crooks.
White hats would tell Intel and probably set a revelation clock ticking to
make sure Intel got to work.

Once Intel knows it, there is no duty to tell the world, but there is a strong
duty to fix it and to also monitor DH web sites to see if an exploit is in the
wild. They want it secret until fixed. No duty to tell the government at all -
they leak like a sieve. In any event, exploits for these problems are hard to
setup and execute - they may never be a good live exploit - too hard to
arrange. So far I have not heard of any losses from these problems, the
greater loss is from the repair patches that slow server throughput down.
Intel has been educated. I am sure that Intel will be made to kick some cash
to server farms

