The disclosure timeline for @quarkslab's PixieFail is hilarious and mirrors my experience of trying to manage disclosure of firmware vulnerabilities with IBV/ODM/OEMs. https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
@quarkslab (but I was never asked if I would fix the problem for them... and even now I'm not sure exactly how Intel worked around the Bootguard fuse misconfiguration, so the mitigation section of my writeup is speculative)