Hacker News new | past | comments | ask | show | jobs | submit login

It's beyond pathetic that we're scrambling for rumors on hacker news to figure out if we're affected by this. Security news is in need of serious consideration.



Unfortunately, Security Advisories are formatted according to the Vendor wills and needs.

Some vendors give you a lot a details, some are very obscure.

There is a need for a "standard" Security Advisory, on the same base that there is a "standard" emerging from Responsible Disclosure.


The standard needs a few things like:

* Easy, unambiguous way of determining whether you're affected

* What risks are for each condition (have an AMT ready CPU, have AMT enabled, etc)

* Which patches fix which risks

And more. This will require some thought, and hopefully some UX people.


What about the CVE?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: