1 comment

[ 3.0 ms ] story [ 12.2 ms ] thread
The intro here was interesting to me, I hadn't considered the cost that embargoed vulnerabilities like this might cause to people / companies outside of the inner circle. How many man hours went into debugging AWS performance drops alone before the public disclosure, and eventual identification of the link between those performance drops and these issues?

Could AWS+similar have made people aware in advance that patches would slow their system down? Would that have leaded to an earlier disclosure? Would it have reduced the incidental costs?

Probably the answer is no - they couldn't have, but it's interesting to consider.