[Info-vax] Intel x86-64 Processor Design Security Vulnerability?
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Thu Jan 4 13:28:09 EST 2018
On 2018-01-04, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
> (and then
> there's that OpenVMS RCE I've been sitting on for a couple of years),
Have you considered forcing the issue with that one ?
If nothing has happened after a couple of years of waiting, what makes
you think it's likely to be fixed soon ?
Please consider giving the appropriate people a firm timetable under
the responsible disclosure process to fix it by before you start
releasing details.
If you don't get a fix after a reasonable period of time, you don't have
to release everything in one go; you can start by just releasing a general
top level description of the problem and see if you can push them into
fixing it that way.
Either way, unless there's some special mitigating circumstances that
you have not released, then there's no way a RCE should still be around
a couple of years after it was discovered.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list