Re: Safe enough - IF no third party code
"If there is a "secret" engineering backdoor then this is a much significnat problem than spectre or meltdown."
Go down and watch the team commissioning all your new hardware, discreetly shoulder surf them, if it has in life failure, see how the vendor's engineer recovers it. It can be very very enlightening.
These are our industries dirty secrets tucked away and not spoken of openly much because they make the life of people running the hardware easier on a day to day basis. Trot out the DC and pull that chassis and recover it back to base as per official procedure to get it back vs get a coffee sit at your desk and use the "shortcut" to make life easier. I know what the majority of (human) people would do.
People leave teams, move companies, talk to other people inappropriately occasionally, find things independently when they shouldn't and other shenanigans. Yes its been our role if its discovered to have that removed or controlled when it becomes known but then you are into asking for vendor fixes for issues on a black box appliance. Are you suggesting this simply does not happen?
Its a much broader topic I agree, but its why I have difficulties taking at face values any statements from PR releases that something is a black box system therefore does not require any attention to the insides. Ever.
Last post in this thread.