再保险:即将到来的英特尔的问题

结婚,3 2018年1月,肯特写道:Landfield:关于第二个问题,你有打我的疼痛点?我答:厂商,英特尔是一个供应商,RedHat是一个供应商。我不希望任何人:创建cf为我公司吗?年代问题除了我PSIRT团队。供应商:需要第一个机会,只有在他们正式:表示他们不会的问题在明确和适当的CVE:精确的方式,应该有人妨碍他们的提醒:通过建立客户咨询过程。没有:“先授权CVE CNAs。时期。首先,我完全理解你的意思,很感激。第二,魔鬼的代言人:第一个24小时的新闻报道有同样的钻头;万博下载包“英特尔”没有回应我们的置评请求。有线文章发表大约半个小时前我看到首次引用某人从英特尔。 Meanwhile, Apple already patched via workaround in macOS over a month ago, Linux patches have been public for some time, etc. A single article I have seen has given this vuln a name (Chipzilla), meaning the last 24+ hours this has been "the Intel bug" to some, "the Linux Kernel vulnerability" to others. Since CVE was designed in part to give a single unique identifier, it's worth discussing if high-profile issues w/o public vendor / CNA reference should use a different assignment process. Thoughts? Brian