> Attempts to defend CTS only show that his reciprocal contempt for them is well deserved.
What attempts are these? I honestly haven't seen many people defending them. The few people I know of that are associated with the security industry here don't seem to have a high opinion of this whole endeavor.
That's interesting, as he's one of the people I was talking about.
I went over the announcement comments from the other day[1] for his stance, and I think you're mostly seeing what commonly happens with tptacek's comments, in that he a) tries to make a nuanced opinion about a specific aspect of what's being discusses, b) people interpret it as an overall statement about the (or one of, or multiple) of the topics being discussed, c) the argument getting really into the weeds, and d) him occasionally getting short or annoyed with people he's arguing with, likely because after a chain of him repeating himself for 5 plus comments people are still ignoring the nuanced point he's trying to make.
That may be interpreted as a blanket defense of him, but it's not meant that way. It is what I see quite often in the comments with him though, I think mostly because he's willing to wade in and try to make a specific nuanced point on what many people feel are contentious topics. He's not always right, and sometimes his authoritative way of stating things may work against him.
In this specific case, he spent a lot of time arguing that no time is needed before public announcement (which he has argued many times before). I agree with this in general, even if it's painful in the specific sometimes. It's like free speech, not allowing it is much worse than just dealing with the annoying times you wish people would have exercised more constraint. The alternative gets bad fast.
To point, all the comments I just read form tptacek seem to be arguing specifically that 24 hours isn't too short (as in nothing is too short, but if I understand tptacek's position from past arguments the nuance here is that he doesn't condemn them for this, even if he would prefer coordinated disclosure), and that short selling is nothing new. He does note how this is somewhat unique in how brazen it is[2]. I'm not sure his thoughts on whether they announced to media prior to AMD, and whether that's in line with what he believes.
What attempts are these? I honestly haven't seen many people defending them. The few people I know of that are associated with the security industry here don't seem to have a high opinion of this whole endeavor.