A few weeks back, CPU bugs Meltdown and Spectre (why the b-movie titles?) made headlines for the comprehensive threat they posed (and still do) to computer security.
[Jake Swearingen]: To me, a layman, it’s odd that CPUs require so much research, since the architecture is designed by humans. Why do they require so much outside research to sort of understand what they’re doing?
Diagram of a chip
[Researcher Anders Fogh] Because CPUs are remarkably complex. So to build a CPU, what you do is, you take a handful of sand, bit of epoxy, a tiny bit of metal, and a bit of pixie dust, and you stir it all together and you get this machine that basically runs our world today. You can imagine that that process has to be very, very complex. So down at the lowest level you have to deal with quantum phenomena; at the next level you have heat dissipation; on the next level you have to connect everything; and then the next level and next level all the way up, you actually have a piece of silicon that takes instructions, and that just turns out to be incredibly complex. For scale, a modern CPU, not even the newest and the biggest, has about 5 billion transistors in them. The Saturn V rocket that took man to the moon has about 3 million. So this is a really ridiculously complex machine, and they have been developed for longer than I have been alive.
Begins to get at why unwinding CPU-based vulnerablities is a formidable task.
A Few Reasonable Words 