by tomc1985 3037 days ago
No. Security is already a non-concern amongst non-technical people, who unfortunately control most leadership positions. Protection from liability only means we get to see more, and worse, BS like this in the future.

We need to hold companies even more accountable than what they already are. 32 lawsuits is not enough, more like 320!

3 comments

64 would seem like the logical next step!

Assume you build a product using TLS as the underlying encryption layer. Unfortunately, a few months later, some bored mathematician figures out how to completely break AES and ECDH.

Should you be held accountable for choosing "weak" ciphers?

> Should you be held accountable for choosing "weak" ciphers?

That would be up to the jury. For something like your scenario, as long as you're keeping up and using industry best practices, you almost certainly would have nothing to worry about. In fact, a case like that would likely be dismissed immediately by the judge before it ever went to trial.

Okay then, let's assume you are doing something more cutting edge. Like speculative execution involving memory prefetching.

What are "industry best practices" for that? There are like 3 companies which do this competitively at scale and each of them guards their methods like it's the Coca-Cola recipe.

If a bored mathematician breaks AES, I think a lawsuit is going to be the least of my worries...

2.1161033472192524829557170410776298658794639108376130 * 10^664 lawsuits should definitely be enough to eliminate Intel, yes.