Our colleagues from the TechPowerUP website with a link to a publication in the Dutch press that Intel made an attempt to bribe researchers who discovered MDS vulnerabilities. Vulnerabilities microarchitectural data sampling (MDS), microarchitectural data sampling, in Intel processors that have been on sale for the last 8 years. The vulnerabilities were discovered by security experts from the Free University of Amsterdam (Vrije Universiteit Amsterdam, VU Amsterdam). According to a publication in the Nieuwe Rotterdamsche Courant, Intel offered the researchers a "bounty" of $40 and an additional $000 to "mitigate the threat" from the identified hole. The researchers, the source continues, refused all this money.
In principle, Intel did nothing special. Following the discovery of the Specter and Meltdown vulnerabilities, the company launched a Bug Bounty cash reward program for those who discover a dangerous vulnerability in Intel platforms and report it to the company. An additional and mandatory condition for receiving a reward is that no one except specially appointed people from Intel should know about the vulnerability. This gives Intel time to mitigate the threat - it creates patches and interacts with developers of operating systems and component manufacturers, for example, by providing code for patching motherboard BIOS.
In the case of the discovery of the MDS class of vulnerabilities, Intel had little time to quickly mitigate the threat. Although the patches To the announcement of the discovery of new vulnerabilities, Intel did not have time to fully update the microcode of the processors, and these procedures are still to come. It is unlikely that the company planned to βbriberyβ forever hide the threat discovered by the VU Amsterdam team, but it could well buy itself time to maneuver.
Source: 3dnews.ru