Linus Torvalds has, without taking names, slammed the direction in which the IT security industry is going. The timing of Torvalds' comments is key. They come on a day when CTS-Labs published a press-release chronicling what they claim to be 13 critical security vulnerabilities with AMD "Zen" CPU microarchitecture. "It looks like the IT security world has hit a new low," Torvalds begins. "If you work in security, and think you have some morals, I think you might want to add the tag-line: "No, really, I'm not a whore. Pinky promise" to your business card. Because I thought the whole industry was corrupt before, but it's getting ridiculous," he continues. "At what point will security people admit they have an attention-whoring problem?"
CTS-Labs classified their 13 new discoveries into four categories, complete with a Meltdown/Spectre-esque graphics package, infographics, and a YouTube video with amateur-level green-screen stock footage behind the only 3 people the company has on its payroll. Their disclosures invited scorn from the public, particularly for not following the unwritten guideline of IT-sec industry that you have to give hardware/software manufacturers at least 90 days to respond/mitigate your findings before taking your work public. CTS-Labs gave AMD barely 24 hours. Some of the more skeptic voices suggest that these disclosures are part of a purpose-built stock shorting scheme that's currently engaged in devaluing AMD.
Reply With Quote
Bookmarks