[LudwigNagasena]

If your program eats all computer resources given specific inputs, is this a DoS vulnerability, simply a bug or even expected behaviour? It depends.

Is Spectre a vulnerability? Even that depends on what code you run and on which machine.

The reason your salary is going up is because there is no sensible access control management and sensible threat model for software. Can we know in which circumstances some software (or CPU) will be used? Can we assume who the users are? No, we can't because there are billions of computers out there and, thus, billions of different use-cases. And we all have to suffer from slower execution because someone wants to expose access to their machine through a multi-tenant single-process cloud environment or whatnot.