arandomguy
Senior member
- Sep 3, 2013
- 556
- 183
- 116
If Microsoft were to apply the patch to both AMD and Intel equally - would they be open to legal action by AMD if they refused to add the 2 lines of code in that it would take to qualify patch applicability?
So for me what is interesting about this situation is what happens in terms of a liability scenario?
Let's say AMD asserts they do not need any type of patch and do not want one due to performance implications. Microsoft (or whatever equivalent software vendor) can choose whether or not to believe this or make it an optional toggle (and with what default setting). Now Amazon (or whatever service provider) or other user of said software can choose what to believe in whether or not to enable said toggle.
We move down a few years and find out that this assertion by AMD ended up being wrong and someone exploited these attack vectors and causes a massive data breach. Who ends up bearing liability in this case?
It seems to me for a party such as Microsoft they have no stake, at least presumably, in any specific IHV and so would implement said solution just to cover themselves or at least default any toggle to on. For a service provider using their OS they themselves would have to weigh the potential risk with respect to hardware acquisition. As it seems impractical at the end should such a scenario occur to then chase AMD for liability.