Want to get thoughts on where the cutoff for Meltdown and Spectre is, assuming up-to-date microcode and OS patches, when deploying something as a firewall or as a VM host with guests possibly running hostile code. I'm thinking more about security than performance; I'd rather nail down what is secure "enough" and then go from there. I've done a bunch of reading, but it's hard to get a feel for "things good enough for a SOHO", as I imagine if I were ever under targeted attack I'd have an issue no matter what. What I don't want to do is run something *so* vulnerable that I'm easily hit by less targeted things. I know from my firewall logs that people regularly hit my ISP's subnet looking for easy vulnerabilities.
And perhaps a more important question, and harder to nail down: where is the cutoff if you have to assume you WON'T get any BIOS/microcode update and must rely on hardware mitigation and/or OS patches?
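One way to get a concrete answer for a specific box, as an added example that is not part of the original post: on Linux the kernel publishes its own per-issue verdict under /sys/devices/system/cpu/vulnerabilities, one file per issue (meltdown, spectre_v1, spectre_v2, mds, l1tf, ...), each starting with "Not affected", "Mitigation:" or "Vulnerable". The script below reduces that to a deploy/don't-deploy summary. The sysfs path and those prefixes are the real kernel interface; the sample directory it builds is constructed for demonstration, and the policy of treating "SMT vulnerable" as unsafe for a host running untrusted guests is this example's own choice.

```shell
#!/bin/sh
# Added example (not from the original post): summarise the kernel's CPU
# vulnerability report. Assumes a Linux kernel that exposes
# /sys/devices/system/cpu/vulnerabilities; the sample directory built by
# make_sample is constructed, not captured from a real machine.

# classify_vuln LINE -> prints one status word for a sysfs line
classify_vuln() {
    line=$1
    case "$line" in
        "Not affected"*)               echo "not-affected" ;;
        # L1TF/MDS report this when mitigated but SMT is still on: a hostile
        # guest on the sibling thread can still leak, so treat as partial.
        Mitigation:*"SMT vulnerable"*) echo "partial-smt" ;;
        Mitigation:*)                  echo "mitigated" ;;
        Vulnerable*)                   echo "VULNERABLE" ;;
        *)                             echo "unknown" ;;
    esac
}

# scan_dir DIR -> prints "<issue> <status>" per file, one per line
scan_dir() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        n=$(basename "$f")
        l=$(cat "$f")
        printf '%s %s\n' "$n" "$(classify_vuln "$l")"
    done
}

# count_status DIR STATUS -> prints how many issues have that status
count_status() {
    scan_dir "$1" | awk -v s="$2" '$2 == s { c++ } END { print c + 0 }'
}

# verdict DIR -> "do-not-deploy", "deploy-only-with-smt-off" or "ok"
# (policy chosen for this example: a host running untrusted guests)
verdict() {
    dir=$1
    v=$(count_status "$dir" VULNERABLE)
    p=$(count_status "$dir" partial-smt)
    if [ "$v" -gt 0 ]; then
        echo "do-not-deploy"
    elif [ "$p" -gt 0 ]; then
        echo "deploy-only-with-smt-off"
    else
        echo "ok"
    fi
}

# make_sample -> builds a constructed sysfs-like directory, prints its path
make_sample() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable\n' > "$d/spectre_v2"
    printf 'Mitigation: Clear CPU buffers; SMT vulnerable\n' > "$d/mds"
    printf 'Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable\n' > "$d/l1tf"
    printf 'Not affected\n' > "$d/tsx_async_abort"
    echo "$d"
}

# On a Linux host, scan the live interface.
if [ -d /sys/devices/system/cpu/vulnerabilities ]; then
    scan_dir /sys/devices/system/cpu/vulnerabilities
    verdict /sys/devices/system/cpu/vulnerabilities
fi
```

This also covers the second question: when the microcode is missing, the kernel says so in the same files (MDS, for example, reports "Vulnerable: Clear CPU buffers attempted, no microcode"), so the same check tells you whether the OS-only mitigations on that particular CPU are enough before you put it in front of untrusted traffic or guests.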