Is it better for you to have vulnerabilities that can be or are being exploited on equipment that cannot be software patched and may be in use on critical or sensitive equipment for many years and has been covered up by the CPU manufacturers or know about the vulnerabilities and allow yourself to look at mitigation to stop them being exploited - or at least know the risks?