Are there any takes on MELTDOWN/SPECTRE implications on “cloud compliant” HIPAA regulated applications? My naive/intuitive take: MELTDOWN/SPECTRE means you can’t do HIPAA on cloud/shared servers anymore.
My (on vacation, not looking that hard) understanding is that neither are patchable at the CPU microcode level. OSes/VMs will be able to help prevent some exploits. Some apps may need specific protections.
-
-
Yeah, that matches my naive understanding. OS/VM/hypervisor patches help mitigate but do not fully prevent exploitation
-
We'll see. Compiler mitigations look promising: https://twitter.com/lcamtuf/status/948972410899845120 …
This Tweet is unavailable.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.