[Info-vax] Intel x86-64 Processor Design Security Vulnerability?
DaveFroble
davef at tsoft-inc.com
Thu Jan 4 15:23:24 EST 2018
Simon Clubley wrote:
> On 2018-01-04, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>> (and then
>> there's that OpenVMS RCE I've been sitting on for a couple of years),
>
> Have you considered forcing the issue with that one ?
>
> If nothing has happened after a couple of years of waiting, what makes
> you think it's likely to be fixed soon ?
>
> Please consider giving the appropriate people a firm timetable under
> the responsible disclosure process to fix it by before you start
> releasing details.
>
> If you don't get a fix after a reasonable period of time, you don't have
> to release everything in one go; you can start by just releasing a general
> top level description of the problem and see if you can push them into
> fixing it that way.
>
> Either way, unless there's some special mitigating circumstances that
> you have not released, then there's no way a RCE should still be around
> a couple of years after it was discovered.
>
> Simon.
>
Not sure Steve agrees with your concepts. I seem to recall that in the past,
while he was still with DEC, more than once reading "the wizard's" comment to
someone who mentioned a problem. "I wish you wouldn't have done that."
Or, maybe times have changed ....
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
More information about the Info-vax
mailing list