
I don't get these calls to a class action suit... If it was intentional, it could have a reason. But I just don't get this attitude when they are having a really bad day after someone discovered a new type of attack on their chips.


Intel isn't having a bad day. The people who are stuck with chips that enable severe security exploits are having a bad day. Actually they are going to have a bad year till the design flaw is fixed in hardware. Or maybe even 5 years. Who knows.

Intel is 100% liable to face a lawsuit over this. Consider if a major car brake manufacturer discovered that there was a design flaw in the brakes that prevented them from functioning in certain situations. It'd be facing multiple lawsuits by now whereas Intel is going with "our chips are the most secure ever" line.


I think you are confusing security and safety. Security is about dealing with malicious attackers, while safety is about making sure random events and mistakes won't kill you.

Your example with the brakes is about safety, i.e. making sure the car won't kill you during normal operation. Normally, unless their CPUs start bursting into flames, this is not a problem for Intel.

The problem here is about security. A car analogy would be that to start your car, you need a code and that code can be found by measuring how long it takes to process the input, making life easier for thieves.

As for liability, I don't think you can be liable in court if you didn't plan for something that wasn't known at the time and isn't trivial.


Ironically, isn't your analogy a literal thing?

http://www.bbc.co.uk/news/business-41367214


> As for liability, I don't think you can be liable in court if you didn't plan for something that wasn't known at the time and isn't trivial.

Engineering brakes that work reliably over months and years of use isn't trivial.

Process isolation and kernel security issues have been known for decades and have been fundamental design requirements for decades.


The car analogy is a very good one. Also, the infamous Samsung Galaxy Note 7 comes to mind. I agree that such a security hole should warrant a replacement.


I don't believe the car analogy is good. And neither is the Note one.

In both of those cases the products can cause serious harm without any third party implication. The brakes would just go off or the battery would explode during normal function.

However, in the Intel case there has to be an attacker that actively exploits an issue in design.

To me this would be like making a class action suit against all lock vendors because they can be bypassed with the right set of tools. The fact that this affects everyone (Intel more than others) and that it took 10 years to find grants them some excuse. Also the architecture is not secret as far as I know so anybody could have audited this. They most probably did do so and found nothing until now.

Now, I do not like Intel's communication around this, and if it comes out that they knew this for years and decided to sit on it then it would be a different story.

Class action lawsuits are useful when there is negligence, or bad intent but in this case what could it possibly solve?


> In both of those cases the products can cause serious harm without any third party implication.

Sorry, but in the 21st century world of the internet, cracking needs to be taken as a given. In many cases, "normal use" for a computing product means exposing it to use and therefore potential attack from anywhere on the internet. CPUs certainly fall into this category.


Legal liability for damages due to defective products isn't premised on the defects being intentional.


You don't have to inflict intentional injury to be liable for something like this. Intel's customers aren't getting what they paid for, so it seems pretty reasonable for the company to compensate them.

If you bought a car that was advertised as having 300 horsepower, and then the manufacturer realized it was unsafe unless they made a software change limiting the horsepower to 200, wouldn't you expect some compensation?


Time of purchase product to time of knowledge of flaw allows for time-frame to file lawsuit(s).

Example: Intel worked on a rushed product to compete against AMD Threadripper. That time was after the time of the known issue. Thus Intel was investing in continual bad practices and selling known bad products instead of investing in fixing the hardware flaw.

A major flaw in a car prevents selling the car until the flaw is fixed. Why shouldn't this also apply to computers that run the cars and other products?


> I don't get these calls to a class action suit... If it was intentional, it could have a reason.

You don't think people should be able to sue for negligence?!?


If responsibility is written and it says they produce unbreakable hardware, then yes.

If they don't do anything after finding out about a vulnerability - probably it depends, I don't know.

But they are clearly putting in effort with vendors to mitigate and solve the issue. Doesn't look like negligence to me.



