- Mar 10, 2004
I thought these were kept under wraps until solutions were found so that they could not be used by hackers. I thought that was the whole purpose of keeping them secret? Presumably hackers are unaware of them until they are published.This was responsibly disclosed, and continues to be responsibly disclosed in about the most efficient way possible given the surrounding factors. Both the entities (Amazon Security Research and Cyberus) are highly reputable and have skin in the game (especially given the AWS Datacenter underpinnings Amazon Security Research supports). Why do you believe "headlines and clicks" are driving this effort? This disclosure, and many of the Meltdown / Spectre disclosures have been handled very well given the scope, especially compared to that farce of a disclosure that was Ryzenfall.
Fortunately no use of them has ever been found.