
In a Dutch article (https://nos.nl/artikel/2284630-nederlanders-vinden-beveiligi...), one of the researchers says "het aantal mensen bij bedrijven als Intel die zich op dit niveau met beveiliging bezighoudt, is echt op de vingers van twee handen te tellen." = There are 10 or fewer people working on security at this level at companies like Intel. This sounds very hard to believe to me. With the previous attacks there surely are bigger teams working on this kind of stuff?

There are other people working on it outside of Intel, too: https://mdsattacks.com/. If you look at the list of people, you'll see there are dozens of folk that independently found and reported the same vulnerabilities.

Bigger is definitely not better for this kind of stuff, at least as far as team sizes go.

There are probably fewer than 1000 people in the world capable of finding these kinds of vulnerabilities. Sounds about right to have 10 at Intel.

Out of curiosity, where would the others be?

Universities, three-letter agencies and private or government actors. At least I would guess that; maybe also a bunch at antivirus developers.

How many more would you expect? 10 people is pushing the two-pizza limit.

People don't necessarily need to be in one big team. Lots of things that are important can be worked on by more than 10 people. (Surely Google and Facebook each have more than 10 people working on security.)

Is there evidence that so few people are working on security at Intel?
