It turned out they knew of it back in June 2017, but they kept it secret until the first days of 2018, giving vendors time to produce patches. Some have done their homework, some have not.
Following Heartbleed and POODLE, two more big vulnerabilities have now struck the worldwide computer community: SPECTRE and MELTDOWN.
I will not focus on why the vulnerabilities are so impactful (for those who are interested, there is a nice website with awesomely written technical academic papers here); rather, I want to share my humble opinion on such an important topic as this.
In the past 3 years, we have seen an incredible increase in both the number of discovered vulnerabilities and their criticality. In most cases, vulnerabilities now affect all systems. It has gotten worse each time, so I strongly think that the paradigm of how we provide services through computers and how we design computers needs to change. The focus should shift from delivering a new (or even more) device(s) every year to delivering a secure architecture after peers have been able to review it. Just like how university papers and research findings are peer reviewed before being published!
More and more critical systems in society are relying on a few IT companies to run their critical and essential-for-human-life services (think about nuclear power plants, hospitals, airports, etc…). Maybe these companies should gather in a formal consortium, made up of these companies AND also including universities as actors. They should then agree on how to build secure and compatible architecture for the future to come – without critical hardware and software vulnerabilities. Universities have traditionally driven progress; nowadays it seems that corporations do. I am not saying that one is better than the other. I am just saying that they should talk to each other more often.
“Nature does not hurry, yet everything is accomplished” [Lao Tzu]