• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Intel Tried to Bribe Dutch University to Suppress Knowledge of MDS Vulnerability

Status
Not open for further replies.
Joined
May 8, 2018
Messages
1,571 (0.65/day)
Location
London, UK
Intel is a crooked company, only few websites dont go along with their evil tactics, here at techpowerup we see a neutral take on both, amd or intel, websites for example like anantech there is only intel and their products, I mean amd name and products or news are rarely published there, just for the sake of an unbiased view, I challenge you right now to go to anantech and check their main page, is 100% filled with intel marketing things. It's sad. We need more neutral tech websites like techpowerup. Intel buys everything in order to keep its name and products high priority.
 

FreedomEclipse

~Technological Technocrat~
Joined
Apr 20, 2007
Messages
24,179 (3.74/day)
Location
London,UK
System Name WorkInProgress
Processor AMD 7800X3D
Motherboard MSI X670E GAMING PLUS
Cooling Thermalright AM5 Contact Frame + Phantom Spirit 120SE
Memory 2x32GB G.Skill Trident Z5 NEO DDR5 6000 CL32-38-38-96
Video Card(s) Asus Dual Radeon™ RX 6700 XT OC Edition
Storage WD SN770 1TB (Boot)|1x WD SN850X 8TB (Gaming) | 2x2TB WD SN770| 2x2TB+2x4TB Crucial BX500
Display(s) LG GP850-B
Case Corsair 760T (White) {1xCorsair ML120 Pro|5xML140 Pro}
Audio Device(s) Yamaha RX-V573|Speakers: JBL Control One|Auna 300-CN|Wharfedale Diamond SW150
Power Supply Seasonic Focus GX-850 80+ GOLD
Mouse Logitech G502 X
Keyboard Duckyshine Dead LED(s) III
Software Windows 11 Home
Benchmark Scores ლ(ಠ益ಠ)ლ
I don't believe it for a second.


Yeah I mean its not as if Intel were paying or offering OEMs and system builders deep discounts to build more Intel based units or cut out AMD units completely a few years back.

This has been widely documented and even landed Intel in a certain court for anti-trust/anti-competitive practises and fined a few million or billion for their behavior.
 
Joined
Mar 10, 2015
Messages
3,984 (1.11/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Feel bad for all the people that couldn't wait for Zen 2 and rushed out and bought one. The feeling it must be to support such people...
 

rtwjunkie

PC Gaming Enthusiast
Supporter
Joined
Jul 25, 2008
Messages
14,019 (2.34/day)
Location
Louisiana
Processor Core i9-9900k
Motherboard ASRock Z390 Phantom Gaming 6
Cooling All air: 2x140mm Fractal exhaust; 3x 140mm Cougar Intake; Enermax ETS-T50 Black CPU cooler
Memory 32GB (2x16) Mushkin Redline DDR-4 3200
Video Card(s) ASUS RTX 4070 Ti Super OC 16GB
Storage 1x 1TB MX500 (OS); 2x 6TB WD Black; 1x 2TB MX500; 1x 1TB BX500 SSD; 1x 6TB WD Blue storage (eSATA)
Display(s) Infievo 27" 165Hz @ 2560 x 1440
Case Fractal Design Define R4 Black -windowed
Audio Device(s) Soundblaster Z
Power Supply Seasonic Focus GX-1000 Gold
Mouse Coolermaster Sentinel III (large palm grip!)
Keyboard Logitech G610 Orion mechanical (Cherry Brown switches)
Software Windows 10 Pro 64-bit (Start10 & Fences 3.0 installed)
Intel is a crooked company, only few websites dont go along with their evil tactics, here at techpowerup we see a neutral take on both, amd or intel, websites for example like anantech there is only intel and their products, I mean amd name and products or news are rarely published there, just for the sake of an unbiased view, I challenge you right now to go to anantech and check their main page, is 100% filled with intel marketing things. It's sad. We need more neutral tech websites like techpowerup. Intel buys everything in order to keep its name and products high priority.
You talk about biased as a bad thing, and yet there you are, completely biased.

Did you read the whole thread, beyond the headline? I point you to Post#17
 
Joined
Mar 10, 2015
Messages
3,984 (1.11/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Wouldn't we want Intel and AMD paying rewards for these discoveries and suppressing the discovery until a patch is issued? Why do these groups want to discover vulnerabilities and immediately expose everyone? I would think these groups would be on the side of consumers but it seems they are on the side of attackers if they intend to release info and expose everyone before fixes are available.

I am a not a fanboy of anyone, currently running AMD in my desktop and Intel in a notebook. Common sense isn't a fanboy.

Generally 90 days is sufficient to patch most problems. If it isn't, as long as the discoverer feels the company is doing its part by engineering a fix, things don't get disclosed. Considering we are well beyond that, I am pretty sure that appropriate decisions were made.

Though I would have contacted a member of the FTC or something to accept the money on my behalf from Intel. In secret.
 
Joined
Sep 6, 2013
Messages
3,393 (0.82/day)
Location
Athens, Greece
System Name 3 desktop systems: Gaming / Internet / HTPC
Processor Ryzen 5 7600 / Ryzen 5 4600G / Ryzen 5 5500
Motherboard X670E Gaming Plus WiFi / MSI X470 Gaming Plus Max (1) / MSI X470 Gaming Plus Max (2)
Cooling Aigo ICE 400SE / Segotep T4 / Νoctua U12S
Memory Kingston FURY Beast 32GB DDR5 6000 / 16GB JUHOR / 32GB G.Skill RIPJAWS 3600 + Aegis 3200
Video Card(s) ASRock RX 6600 + GT 710 (PhysX) / Vega 7 integrated / Radeon RX 580
Storage NVMes, ONLY NVMes / NVMes, SATA Storage / NVMe, SATA, external storage
Display(s) Philips 43PUS8857/12 UHD TV (120Hz, HDR, FreeSync Premium) / 19'' HP monitor + BlitzWolf BW-V5
Case Sharkoon Rebel 12 / CoolerMaster Elite 361 / Xigmatek Midguard
Audio Device(s) onboard
Power Supply Chieftec 850W / Silver Power 400W / Sharkoon 650W
Mouse CoolerMaster Devastator III Plus / CoolerMaster Devastator / Logitech
Keyboard CoolerMaster Devastator III Plus / CoolerMaster Devastator / Logitech
Software Windows 10 / Windows 10&Windows 11 / Windows 10
It's so easy to believe that Intel tried to bribe someone, it's not even news. It's routine.
 
Joined
Mar 10, 2015
Messages
3,984 (1.11/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
So, basically, seems things went normal according to the usual Intel bounty/reward program, until Intel wanted another 6 months of time to work on the issue. The group didn't want to wait any longer than the initial program deal they made, and in response Intel wanted to at least make things look publicly less "worrying", by asking them to publicly say the vulnerability it wasn't really that of a big deal, offering them another $40k + $80k. They refused the offer and released the research untouched.

Everything else you say is quite truthful and I applaud your extra research and fact finding. However, it is not common practice to downplay the severity (from my understanding). The security industry is founded upon giving people the truth about the risk in their products. If they don't then they have failed the community and people who depend on CVEs when buying their infrastructure (think clouds) etc or risk assessments of their assets. Especially when Intel has the fix ready. It seems more logical they wanted the extra 6 months so they could launch a product without this cloud hanging over. These vulnerabilities are relatively low risk for you and I but not so for enterprise and data centers.

Again, we don't really know for sure so it is hard to say and everyone will make of it what they will. Considering Intel got busted paying off OEMs previously, the former is accusation is plausible. But since we also accused MSI (with no evidence whatsoever) of trying to pull the wool over everyone's eyes with the AM4 socket, I am not surprised by the wording either.
 
Joined
Jun 28, 2014
Messages
2,388 (0.62/day)
Location
Shenandoah Valley, Virginia USA
System Name Home Brewed
Processor i9-7900X and i7-8700K
Motherboard ASUS ROG Rampage VI Extreme & ASUS Prime Z-370 A
Cooling Corsair 280mm AIO & Thermaltake Water 3.0
Memory 64GB DDR4-3000 GSKill RipJaws-V & 32GB DDR4-3466 GEIL Potenza
Video Card(s) 2X-GTX-1080 SLI & 2 GTX-1070Ti 8GB G1 Gaming in SLI
Storage Both have 2TB HDDs for storage, 480GB SSDs for OS, and 240GB SSDs for Steam Games
Display(s) ACER 28" B286HK 4K & Samsung 32" 1080P
Case NZXT Source 540 & Rosewill Rise Chassis
Audio Device(s) onboard
Power Supply Corsair RM1000 & Corsair RM850
Mouse Generic
Keyboard Razer Blackwidow Tournament & Corsair K90
Software Win-10 Professional
Benchmark Scores yes
Joined
Mar 29, 2014
Messages
496 (0.13/day)
The bribe part came in when Intel wanted to delay 6 months. Of course Zen2 being launched next month had nothing to do with it. ;)
 

Ahhzz

Super Moderator
Staff member
Joined
Feb 27, 2008
Messages
9,006 (1.47/day)
System Name OrangeHaze / Silence
Processor i7-13700KF / i5-10400 /
Motherboard ROG STRIX Z690-E / MSI Z490 A-Pro Motherboard
Cooling Corsair H75 / TT ToughAir 510
Memory 64Gb GSkill Trident Z5 / 32GB Team Dark Za 3600
Video Card(s) Palit GeForce RTX 2070 / Sapphire R9 290 Vapor-X 4Gb
Storage Hynix Plat P41 2Tb\Samsung MZVL21 1Tb / Samsung 980 Pro 1Tb
Display(s) 22" Dell Wide/24" Asus
Case Lian Li PC-101 ATX custom mod / Antec Lanboy Air Black & Blue
Audio Device(s) SB Audigy 7.1
Power Supply Corsair Enthusiast TX750
Mouse Logitech G502 Lightspeed Wireless / Logitech G502 Proteus Spectrum
Keyboard K68 RGB — CHERRY® MX Red
Software Win10 Pro \ RIP:Win 7 Ult 64 bit
I'm not part of Intel's bandwagon, but this article seems really confusing and kind of misleading... the title says Intel wanted to pay them to "suppress knowledge of MDS vulnerability", but then the article itself says instead they wanted them "to downplay the severity of the vulnerability". The first part implies the Dutch to don't say a thing (possibly until they fix the problem), the second part implies the information would be public but the severity and details to be "softened".
So after reading this, one may ask... "well, which one was it?" and why is the "bribe" word being used when there's a public bounty program in place by Intel to reward people that discover these kind of issues with their products?

Going to the source/reddit article to find some extra details doesn't exactly make things 100% clear, but it seems to me that it went like this:
- among several researcher groups taking a look at said vulnerabilities, the Dutch Uni was the one that found the major part of it
- Intel paid the Dutch Uni research group around $100,000 (89,000 euros) as part of their public bounty program (explained on their own press release also linked in this TPU article). They would reveal Intel the details and not publicly, so that Intel could investigate and work a security fix. (so nothing really shady here (as in bribe), seems normal procedure in these cases)
- the group said they would give Intel until May, then they would release the infos/leaks themselves
- apparently Intel wanted to wait another six months so they could get more time to fix it
- the group refused
- Intel then made them an additional offer of 40k , then another 80k on top, to convince them to downplay the severity /level of vulnerability of the problem, since sh/t would hit the fan anyway (probably to make things a bit less interesting for hackers and to avoid another public PR snowball)
- the group refused this additional offer to soften the exploit severity, and then released the vulnerability infos in May as planned.

So, basically, seems things went normal according to the usual Intel bounty/reward program, until Intel wanted another 6 months of time to work on the issue. The group didn't want to wait any longer than the initial program deal they made, and in response Intel wanted to at least make things look publicly less "worrying", by asking them to publicly say the vulnerability it wasn't really that of a big deal, offering them another $40k + $80k. They refused the offer and released the research untouched.

Considering it's a security problem, one can see why Intel wanted to at least try some "damage control". Even if the group accepted the "downplay" offer, eventually with time, the real severity would come out and that would make the group and Intel look bad. Difference is, Intel can afford to look bad in that situation, specially if the reasons were based on "customer's security".
Good explanation. :toast:
 
Joined
Aug 2, 2011
Messages
1,458 (0.30/day)
Processor Ryzen 9 7950X3D
Motherboard MSI X670E MPG Carbon Wifi
Cooling Custom loop, 2x360mm radiator,Lian Li UNI, EK XRes140,EK Velocity2
Memory 2x16GB G.Skill DDR5-6400 @ 6400MHz C32
Video Card(s) EVGA RTX 3080 Ti FTW3 Ultra OC Scanner core +750 mem
Storage MP600 Pro 2TB,960 EVO 1TB,XPG SX8200 Pro 1TB,Micron 1100 2TB,1.5TB Caviar Green
Display(s) Alienware AW3423DWF, Acer XB270HU
Case LianLi O11 Dynamic White
Audio Device(s) Logitech G-Pro X Wireless
Power Supply EVGA P3 1200W
Mouse Logitech G502X Lightspeed
Keyboard Logitech G512 Carbon w/ GX Brown
VR HMD HP Reverb G2 (V2)
Software Win 11
Nice background work! What we have here is one of the only responders who bothered to do some source work, instead of just responding to the sensationalist headline.

What's sad is, that it shouldn't be up to this random internet person to give the full details on the issue and original article; it should be on the "news" team to research this and provide all the information.

But, alas, this isn't a "news" site, it's an editorial site.
 
Joined
May 8, 2018
Messages
1,571 (0.65/day)
Location
London, UK
You talk about biased as a bad thing, and yet there you are, completely biased.

Did you read the whole thread, beyond the headline? I point you to Post#17

uh? check, if there is even any talk or post about this problem on anantech and this is a very important news and yet there is nothing there at least acknowledging the problem and here you are saying I'm the problem, there must be something wrong inside your head.
 

rtwjunkie

PC Gaming Enthusiast
Supporter
Joined
Jul 25, 2008
Messages
14,019 (2.34/day)
Location
Louisiana
Processor Core i9-9900k
Motherboard ASRock Z390 Phantom Gaming 6
Cooling All air: 2x140mm Fractal exhaust; 3x 140mm Cougar Intake; Enermax ETS-T50 Black CPU cooler
Memory 32GB (2x16) Mushkin Redline DDR-4 3200
Video Card(s) ASUS RTX 4070 Ti Super OC 16GB
Storage 1x 1TB MX500 (OS); 2x 6TB WD Black; 1x 2TB MX500; 1x 1TB BX500 SSD; 1x 6TB WD Blue storage (eSATA)
Display(s) Infievo 27" 165Hz @ 2560 x 1440
Case Fractal Design Define R4 Black -windowed
Audio Device(s) Soundblaster Z
Power Supply Seasonic Focus GX-1000 Gold
Mouse Coolermaster Sentinel III (large palm grip!)
Keyboard Logitech G610 Orion mechanical (Cherry Brown switches)
Software Windows 10 Pro 64-bit (Start10 & Fences 3.0 installed)
uh? check, if there is even any talk or post about this problem on anantech and this is a very important news and yet there is nothing there at least acknowledging the problem and here you are saying I'm the problem, there must be something wrong inside your head.
So that would be a “no” to my question, check.
 
Joined
Feb 17, 2017
Messages
854 (0.30/day)
Location
Italy
Processor i7 2600K
Motherboard Asus P8Z68-V PRO/Gen 3
Cooling ZeroTherm FZ120
Memory G.Skill Ripjaws 4x4GB DDR3
Video Card(s) MSI GTX 1060 6G Gaming X
Storage Samsung 830 Pro 256GB + WD Caviar Blue 1TB
Display(s) Samsung PX2370 + Acer AL1717
Case Antec 1200 v1
Audio Device(s) aune x1s
Power Supply Enermax Modu87+ 800W
Mouse Logitech G403
Keyboard Qpad MK80
I'm not sure you people understand we're talking about a couple hundred thousand of dollars, do you really believe intel would risk to expose such a dirty move for that amount of money? We're talking about a +70 billion company here...
 
Joined
Apr 19, 2011
Messages
2,198 (0.44/day)
Location
So. Cal.
No, they need a new security head. Clearly this guy isn't "working" so well :ohwell:
They should also hire a new lawyer :mad:
Love that those guys seem so much more ethical!
123119


I'm fence sitting on this... One side is such findings should at least come to light/public (low level details) after a IDK a 4 week "grace period" where the company has a time to either fix or minimize vulnerability affect. But this... hey we'll pay you for a 6mo extension to not make public...? How many nefarious groups are exploiting it while Intel keep's it hush-hush... Or, that's just enough time to release their next offerings and minimize damage to a launch of products that vulnerability is still there. Perhaps the people who are exploiting it use the extra 6 mo's to release Drumps tax returns, make an attack on your country, or just ruin your credit. In-action is not a option.
 
Joined
Nov 3, 2013
Messages
2,141 (0.53/day)
Location
Serbia
Processor Ryzen 5600
Motherboard X570 I Aorus Pro
Cooling Deepcool AG400
Memory HyperX Fury 2 x 8GB 3200 CL16
Video Card(s) RX 6700 10GB SWFT 309
Storage SX8200 Pro 512 / NV2 512
Display(s) 24G2U
Case NR200P
Power Supply Ion SFX 650
Mouse G703 (TTC Gold 60M)
Keyboard Keychron V1 (Akko Matcha Green) / Apex m500 (Gateron milky yellow)
Software W10
So after reading this, one may ask... "well, which one was it?" and why is the "bribe" word being used when there's a public bounty program in place by Intel to reward people that discover these kind of issues with their products?


- Intel then made them an additional offer of 40k , then another 80k on top, to convince them to downplay the severity /level of vulnerability of the problem
Did you even read your own post.
 
Joined
Nov 4, 2005
Messages
12,015 (1.72/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs, 24TB Enterprise drives
Display(s) 55" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
So they discovered the issue, reported it to Intel. Intel paid them.100K and had 6 months to disclose the security issues, didn't, then tried to bribe them with another 40 to not say anything. Then when they didn't take that Intel upped their bribe to 80K to down play it's security issues.

Sounds about right.
 
Joined
Mar 10, 2015
Messages
3,984 (1.11/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
after a IDK a 4 week "grace period" where the company has a time to either fix or minimize vulnerability affect

The typical grace period is 90 days. Then the researcher and company hash out the details. If it is going to take longer to fix then they will agree to hold off until the fix is ready. If the researcher doesn't believe what the company says then the research will release it after the 90 days or however long they think it will take to fix it.
 
D

Deleted member 158293

Guest
Per Intel's track record, this really shouldn't be a surprise... the opposite would've been a surprise if anything.
 
Joined
Oct 27, 2009
Messages
1,192 (0.22/day)
Location
Republic of Texas
System Name [H]arbringer
Processor 4x 61XX ES @3.5Ghz (48cores)
Motherboard SM GL
Cooling 3x xspc rx360, rx240, 4x DT G34 snipers, D5 pump.
Memory 16x gskill DDR3 1600 cas6 2gb
Video Card(s) blah bigadv folder no gfx needed
Storage 32GB Sammy SSD
Display(s) headless
Case Xigmatek Elysium (whats left of it)
Audio Device(s) yawn
Power Supply Antec 1200w HCP
Software Ubuntu 10.10
Benchmark Scores http://valid.canardpc.com/show_oc.php?id=1780855 http://www.hwbot.org/submission/2158678 http://ww
I'm not part of Intel's bandwagon, but this article seems really confusing and kind of misleading... the title says Intel wanted to pay them to "suppress knowledge of MDS vulnerability", but then the article itself says instead they wanted them "to downplay the severity of the vulnerability". The first part implies the Dutch to don't say a thing (possibly until they fix the problem), the second part implies the information would be public but the severity and details to be "softened".
So after reading this, one may ask... "well, which one was it?" and why is the "bribe" word being used when there's a public bounty program in place by Intel to reward people that discover these kind of issues with their products?

Going to the source/reddit article to find some extra details doesn't exactly make things 100% clear, but it seems to me that it went like this:
- among several researcher groups taking a look at said vulnerabilities, the Dutch Uni was the one that found the major part of it
- Intel paid the Dutch Uni research group around $100,000 (89,000 euros) as part of their public bounty program (explained on their own press release also linked in this TPU article). They would reveal Intel the details and not publicly, so that Intel could investigate and work a security fix. (so nothing really shady here (as in bribe), seems normal procedure in these cases)
- the group said they would give Intel until May, then they would release the infos/leaks themselves
- apparently Intel wanted to wait another six months so they could get more time to fix it
- the group refused
- Intel then made them an additional offer of 40k , then another 80k on top, to convince them to downplay the severity /level of vulnerability of the problem, since sh/t would hit the fan anyway (probably to make things a bit less interesting for hackers and to avoid another public PR snowball)
- the group refused this additional offer to soften the exploit severity, and then released the vulnerability infos in May as planned.

So, basically, seems things went normal according to the usual Intel bounty/reward program, until Intel wanted another 6 months of time to work on the issue. The group didn't want to wait any longer than the initial program deal they made, and in response Intel wanted to at least make things look publicly less "worrying", by asking them to publicly say the vulnerability it wasn't really that of a big deal, offering them another $40k + $80k. They refused the offer and released the research untouched.

Considering it's a security problem, one can see why Intel wanted to at least try some "damage control". Even if the group accepted the "downplay" offer, eventually with time, the real severity would come out and that would make the group and Intel look bad. Difference is, Intel can afford to look bad in that situation, specially if the reasons were based on "customer's security".

We need you writing the stories here...
 
Joined
Apr 19, 2011
Messages
2,198 (0.44/day)
Location
So. Cal.
The typical grace period is 90 days
Depending on what it is, the unscrupulous could keep wreaking havoc for 3 mo's. IDK that feels generous especially depending on what it is and how it could be used.
 
Joined
Oct 25, 2005
Messages
193 (0.03/day)
Location
Long Island, NY
Processor 9700K
Motherboard Asrock Z390 Phantom Gaming-ITX/ac
Cooling Alpenfohn Black Ridge
Memory 32GB Micron VLP 18ADF2G72AZ-3G2E1
Video Card(s) 3090 FE
Display(s) Samsung G9 NEO
Case Formd T1
Power Supply Corsair SF750
Intel needs to class action lawsuit... I can't wait to cash in on all the flawed CPUs I've bought over the years....
 
Joined
Mar 10, 2015
Messages
3,984 (1.11/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Depending on what it is, the unscrupulous could keep wreaking havoc for 3 mo's. IDK that feels generous especially depending on what it is and how it could be used.

That's true but it has to be found by others in order to be used. Could other people have found it? Sure. Can everything be fixed in 4 weeks? No. 12 weeks? Maybe.

The key is that the longer it is not public then generally speaking the longer it doesn't get exploited. If the company is dragging their feet then they usually get called out and the vulnerability goes public. The problem with that is that it leaves people with the vulnerable system at the mercy of companies and bad actors.

The researchers have to use their judgement about which path to take: Hopefully protect users by not releasing the vulnerability while the patch happens or release the vulnerability to force the company to fix it (hope they do) and put users at greater risk.
 
Joined
Jan 18, 2006
Messages
1,849 (0.27/day)
System Name Air Cooled Caselabs BH8
Processor Intel Coffee Lake 8700K @ 4.7
Motherboard MSI Gaming M5
Cooling Noctua D15s, 5x 140mm Noctua Chromax, 1x 120mm Noctua Chromax, 2x 80mm Noctua fans
Memory G. Skill Trident Z RGB series 3200mhz
Video Card(s) ASUS STRIX GTX 1080
Storage Samsung EVO 840 250gb SSD, Samung EVO PRO 256gb SSD, 2 TB WD Black Edition HDD.
Display(s) 24" Asus Gaming ROG 144hz
Case Black Caselabs BH8
Power Supply 850w EVGA SuperNOVA G2 Gold PSU with individually sleeved black cables
Mouse Logitech Wireless G403
Keyboard Corsair Mechanical Gaming Keyboard
Software Windows 10
Fake news intel a transparent company
 
Joined
Mar 10, 2015
Messages
3,984 (1.11/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Status
Not open for further replies.
Top