Pretty much. Everything you needed to figure this out was public.
Just publishing stuff doesn't help much in areas this complex and specialized where there are a very small number of people who can really understand what is published.
There is also a major difference between reading a spec and discovering an exploit through an adversarial process.
Nobody who had complete access to confidential data (at Intel or anywhere else) figured this out. People on the outside working with an adversarial process did.
The adversarial process is driven by testing not documentation. There is no reason to think that the people who figured it out would have been aided by having more internal documentation.
Pretty much. Everything you needed to figure this out was public.
Just publishing stuff doesn't help much in areas this complex and specialized where there are a very small number of people who can really understand what is published.
There is also a major difference between reading a spec and discovering an exploit through an adversarial process.
Nobody who had complete access to confidential data (at Intel or anywhere else) figured this out. People on the outside working with an adversarial process did.
The adversarial process is driven by testing not documentation. There is no reason to think that the people who figured it out would have been aided by having more internal documentation.