"CTS Labs told us that it bucked the industry-standard 90-day response time because, after it discussed the vulnerabilities with manufacturers and other security experts, it came to believe that AMD wouldn't be able to fix the problems for "many, many months, or even a year." Instead of waiting a full year to reveal these vulnerabilities, CTS Labs decided to inform the public of its discovery."
Literally wtf. So they thought AMD couldn't fix it in a couple of months but they decided to tell the public instead without even contacting AMD and getting a response first?
No legitimate business does that in computer security. No one. If you find a vulnerability you go to the manufacturer, name your price, make an NDA with a deadline and then release the vulnerability details after the deadline.
Just shows how much of a fraud those CTS guys are. If the vulnerabilities were truly as bad as they make out, they could have made millions from AMD but instead they went to "industry experts" and didn't get a penny.
They can make a big song and dance about it, with some nice graphics and a marketing company which uses "social media influencers" and finding the "right reporters, bloggers, analysts and influencers who will understand your business". Screw consequences, as long as you have your 5 minutes of fame, it's all cushty, right?? So basically computer security for a social media generation.
If this is allowed to stand, even if you have a love for Intel/Nvidia, etc - what if this sets a precedent for other cowboys to start doing the same for them for loads of tech companies?? Instead of doing what security researchers are meant to do, which is find flaws, inform companies of said flaws, and only then talk about it, once the companies can at least have some time to act (or not act on it).
After all companies do pay security firms for this kind of information AFAIK.
These people seem more interested in causing a blind panic. That's not to say there isn't a potential set of issues, but funny how Intel got six months grace period for an issue that has existed for 20 years apparently.
At some point, what happens when one oversteps the mark, to outdo another cowboy competitor, and it leaks a big issue that no one has any time to try and do anything about?? Will we all be saying "cool" then??
Instead they just make clickbait names, articles and flashy websites, which seem more like easy consumption for the general public and non-technical investors, and the general echo chamber.