Companies are informed before the public, they are then given a period of time before the public release of the info in order to fix it. This is how its worked for quite a while now.
Hiding the information does nothing, someone out there is possibly already using the attack anyway and making it public forces the company to act instead of sweeping the problem away.
(Though AMD likes to make the fixes optional when they do get around to it anyway but details.)
I thought they only did that after the fix…
Companies are informed before the public, they are then given a period of time before the public release of the info in order to fix it. This is how its worked for quite a while now.
Hiding the information does nothing, someone out there is possibly already using the attack anyway and making it public forces the company to act instead of sweeping the problem away.
(Though AMD likes to make the fixes optional when they do get around to it anyway but details.)