最近洩漏出來的 Intel 程式碼...

已經有不少新聞都有報導提到最近被丟出來的 Intel 程式碼:

這些程式碼都是需要簽 NDA 或類似的合約才能拿到,這次被丟出來可以看到不少東西... 發佈的人有提到可以搜尋一些「關鍵字」,像是 backdoor 這個:

然後結果還蠻有趣的,看起來這包 20GB 的檔案可以讓不少人研究一陣子...

AWS 的稽核報告服務:AWS Artifact

以往要取得 AWS 的稽核報告都必須簽署 NDA 並透過 support ticket 取得 (或是找窗口拿),現在 AWS 把這件事情做成一個服務:「Introducing AWS Artifact: Speeding Access to Compliance Reports」。

服務叫做 AWS Artifact,還是要簽保密協議,不過電子化了:

You can start downloading the audit reports in the AWS Management Console today. Many of the documents are confidential and require you to accept Amazon’s confidentiality terms and conditions, but after you review and agree to those terms, you will be granted instant access to review documents.

這樣取得資料就可以透過系統直接拉出來了:

To document the current and historical compliance of the AWS infrastructure and services, many AWS customers provide compliance reports—including those for ISO, SOC, and PCI—to their auditors or regulators.