> Security-First Pledge
So, I take it Intel will be sharing lots of info about the Intel ME, as well as supported ways of disabling it? Or am I getting my hopes up?
The smug face you see there, friends, is that of a man with 39 million reasons not to care about this security-first pledge which someone else wrote.
I am curious how the BIOS/Firmware updates will be managed. Microsoft points to manufacturer. Manufacturer may 1) not be in the consumer personal computer market, or 2) even if the manufacturer is still in the business of selling computers may no longer be supporting specific devices. I'm specifically thinking of Toshiba, but there may be other examples out there.
Ideally there will be a way to safely update BIOS/firmware directly from Intel.
> In particular, we want to thank the Google Project Zero team for practicing responsible disclosure, creating the opportunity for the industry to address these new issues in a coordinated fashion.
I understand this a PR piece, and thus the use of the term "responsible disclosure". I believe the HN community disapproves of this terminology, and prefers usage of the term "coordinated disclosure".
The question that I had was whether Google's project zero team prefers one term over another? Or in general, if you're a security researcher and have involved in reporting vulnerabilities - can you take a stand and emphasize "coordinated disclosure" term in your own articles?
"There has been a disturbance in the kitchen..."