CTS Labs Explains Why It Gave AMD A Single Day To Respond To Alleged Chip Flaws….. I Don’t Know If I Believe It Though

Yesterday I told you about a company called CTS Labs that went public with flaws that are allegedly in AMD CPUs after giving AMD only a day to respond. That bucks the standard of giving a company 90 days to fix an issue before going public. That’s known as Responsible Disclosure. But these guys clearly don’t buy into that, and the question I have is why they gave AMD only a single day to respond. It truly sounds underhanded. We now have answers on that front via Tom’s Hardware, where CTS Labs explained why they went that route:

CTS Labs told us that it bucked the industry-standard 90-day response time because, after it discussed the vulnerabilities with manufacturers and other security experts, it came to believe that AMD wouldn’t be able to fix the problems for “many, many months, or even a year.” Instead of waiting a full year to reveal these vulnerabilities, CTS Labs decided to inform the public of its discovery.

That isn’t to say that CTS Labs revealed the problems without checking their veracity. The company told us that it consulted with other security experts and manufacturers about the issue, provided them with proofs of concept and tutorials for exploiting the vulnerabilities, and waited for their responses before preparing the flaws for public disclosure. Trail of Bits CEO Dan Guido confirmed that his company backed up the findings, for example.

I am sorry, but I have a huge problem with this explanation. The cynic in me says that this company, which nobody had heard of before yesterday, was looking for a way to get their name in the news. So when they tripped over this issue (assuming that this discovery is accurate, of course, seeing as AMD hasn’t yet confirmed it), they went into “beast mode” to create a slick website with equally slick videos to get their message out before speaking to AMD and giving them a day to respond, knowing of course that they could not respond that quickly. Then when the 24 hours were up, BOOM, you get this. This whole thing sounds really fishy to me. Besides, if we assume that none of these flaws were in the wild, there’s little risk to those who own these processors. AMD could look at this, figure out how to address it, and do so in a reasonable manner. But now that these flaws are in the wild, AMD likely will have to rush to get something out to address this. Again, assuming that this discovery is accurate. I really don’t get the warm fuzzies from these guys. I want to see how AMD responds to this, and if it’s proven (key word proven) to be false or to have a very limited impact, I hope they take appropriate action against CTS Labs.


