Improving the handling of embargoed hardware-security bugs
Improving the handling of embargoed hardware-security bugs
[Kernel] Posted Oct 25, 2018 17:27 UTC (Thu) by corbet
Jiri Kosina kicked off a session on hardware vulnerabilities at the 2018 Kernel Maintainers Summit by noting that there are few complaints about how the kernel community deals with security issues in general. That does not hold for Meltdown and Spectre which, he said, had been "completely mishandled". The subsequent handling of the L1TF vulnerability suggests that some lessons have been learned, but there is still plenty of room for improvement in how hardware vulnerabilities are handled in general.