I have a generally positive view of Ron's work, but there's been some tragic missteps of late. This is a trashfire of a piece justifying incredible incompetence by Google[1], and suggesting a major vulnerability 'isn't a big deal': https://arstechnica.com/gadgets/2017/11/pixel-wont-get-krack...
[1]Google had months of notice under coordinated disclosure, and it took them a couple months after it went public for the fix to finally make it to Pixel devices (which is to say, most other Android devices still aren't patched). Since ROM authors fixed this in like two days, the fact that Google couldn't do it in five months is inexcusable. I actually suspect this may be part of why the Android Security Lead just shifted to a massively less important position at Google around the end of the year.
[1]Google had months of notice under coordinated disclosure, and it took them a couple months after it went public for the fix to finally make it to Pixel devices (which is to say, most other Android devices still aren't patched). Since ROM authors fixed this in like two days, the fact that Google couldn't do it in five months is inexcusable. I actually suspect this may be part of why the Android Security Lead just shifted to a massively less important position at Google around the end of the year.