CTS Labs defends its public disclosure of AMD vulnerabilities

CTS Labs has received scrutiny this week for its decision to publicize the flaws it claims to have located in AMD's chipsets and Secure Processor architecture rather than pursue the traditional responsible vulnerability disclosure model. Security researchers typically contact the manufacturer of the vulnerable technology and give the company or companies 30-90 days to create and distribute fixes. In a public letter, CTS Labs' CTO Ilia Luk-Zilberman describes how he takes issue with the traditional model, and how the group of researchers decided the best course of action was to make the public immediately aware of the alleged flaws but withhold the technical details.

...

Read more...