AMD never had one as boneheaded as Meltdown. Intel keeps having more and more uncovered, and according to researchers who went on the record in the NYT, they are not handling reported vulnerabilities quickly or thoroughly. https://www.nytimes.com/2019/11/12/technology/intel-chip-fix...
IIRC intel stopped doing as much validation like 10ish years ago (so, 2009/2010). it would be nice to see then publish a paper about how those decisions lead into these problems...
My understanding is that chip QA at Intel took somewhat of a nosedive post Haswell. From my ignorant but interested outsider perspective, everything from Broadwell on seemed to be a mess execution-wise compared to Haswell (modulo TSX), and _especially_ compared to Ivy Bridge.
Some of the recorded comments on https://danluu.com/cpu-bugs/ (First update section) mesh with my observations, but I wouldn't know enough to tell if I was on to something, or just confirming my own biases.
It really is. I got hit pretty bad by an ubuntu intel-microcode package regression, which has this annoying property that soft reboots fail (and hard reboots are fine). I lost about 3 days of work to this[0], and our mitigation (pinning the package to an earlier version) is still painful, because you have to go through one OS installation cycle and still manually reboot (we do a lot of manual OS installations, and debugging "first installs").
Anyways I was bitching about this to my roommate, and she remarked that hey you know acquaintance X we know works in Intel software security division. I told her to give him crap about it and apparently his response was something like "we should have closed comments on that github issue". I feel like this is not a really appropriate response, even between friends.
AFACIT the package still hasn't been fixed and the official ubuntu solution is to roll back to the nonbroken version.
[0] admittedly slightly poor internal communication is also responsible, since this was observed by our support staff for our customers which didn't make it known to R&D - me
Intel is also the most used processor in the market at the moment, once that balance shifts, more attention will be paid to AMD processor so we'll potentially have more vulns uncovered.
I'm inclined to believe that this is actually the case and not that AMD wrote more secure software. All software has security vulnerabilities, the more eyes on the software the more of them are found.
This isn't "Software" It's hardware (well both but lets not get too pedantic) and everyone was throwing cache and speculative exploits by the shovelful at both AMD and Intel. AMDs are indeed at the very least, "Less insecure."
Way more shit stuck to Intel for one reason. The speed advantage Intel had been lording over AMD (Besides compiler shenanigans) was all the corners they were cutting with there speculative execution, et al.
Amazing timing that; AMD closing those benchmark gaps and the mass meltdown mitigations in Intel products... all in the same decade Intel was court ordered to fix their unfair C compiler. Intel's domination is simply over...