Ramblings of an aging IT geek

every bug now ships with a logo

A short grumble about branded vulnerabilities, prompted by the Thunderclap DMA flaws, and why the marketing sometimes does more good than I want to admit.


The Thunderclap research landed at the end of February, and right on cue it arrived with a name and a tidy write-up. The substance is real and quite good: a family of flaws in how Thunderbolt and other DMA-capable peripherals are trusted by the operating system, the sort of thing that lets a malicious dock or device read memory it has no business reading. Worth reading, and worth caring about if you plug strange things into your laptop, which is most of us.
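The practical defence against this class of flaw is to make sure the operating system is actually using the IOMMU to fence what a peripheral can reach over DMA, and Linux exposes enough in sysfs to check that from a shell. The script below is an added example, not part of the original post or of the Thunderclap research: it reads the IOMMU group directory and the Thunderbolt `authorized` and `iommu_dma_protection` attributes. The optional root-path argument is this example's own addition so the checks can also be run against a copied or constructed sysfs tree.

```shell
#!/bin/sh
# Added example (not from the original post): read the sysfs attributes Linux
# exposes to see whether peripheral DMA is being fenced by the IOMMU.
# Each function takes an optional root path (default "/"); that argument is
# an assumption of this example so the checks can run against a copied or
# constructed sysfs tree rather than only the live host.

iommu_active() {
    # /sys/kernel/iommu_groups has one subdirectory per group and is empty
    # when no IOMMU is in use, which means devices can DMA anywhere.
    root="${1:-/}"
    dir="$root/sys/kernel/iommu_groups"
    [ -d "$dir" ] || return 1
    set -- "$dir"/*
    [ -e "$1" ]
}

tb_dma_protection() {
    # Each Thunderbolt domain exposes iommu_dma_protection; it reads 1 when
    # the kernel is using the IOMMU to restrict DMA from devices behind that
    # domain. Fails if no domain is present or any domain reads 0.
    root="${1:-/}"
    found=0
    for f in "$root"/sys/bus/thunderbolt/devices/domain*/iommu_dma_protection; do
        [ -r "$f" ] || continue
        found=1
        [ "$(cat "$f")" = "1" ] || return 1
    done
    [ "$found" -eq 1 ]
}

tb_authorized_devices() {
    # One line per Thunderbolt device: "<device id> <authorized>".
    # authorized is 0 for a device that has not been allowed to connect;
    # 1 means approved, 2 means approved with a stored key (secure mode).
    root="${1:-/}"
    for d in "$root"/sys/bus/thunderbolt/devices/*/; do
        [ -r "$d/authorized" ] || continue
        printf '%s %s\n' "$(basename "$d")" "$(cat "$d/authorized")"
    done
}

# Stand-alone use: report on the live host (or on $SYSROOT if it is set).
if iommu_active "${SYSROOT:-/}"; then
    echo "IOMMU: active"
else
    echo "IOMMU: not active"
fi
if tb_dma_protection "${SYSROOT:-/}"; then
    echo "Thunderbolt DMA protection: on"
else
    echo "Thunderbolt DMA protection: off, or no Thunderbolt domain found"
fi
tb_authorized_devices "${SYSROOT:-/}"
```

An empty `iommu_groups` directory is the result to worry about: it means the IOMMU is absent or disabled and a dock can address physical memory directly, which is exactly the situation the research describes. A device listed with `authorized` 0 is one the kernel is still holding at arm's length until user space approves it.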

But I'll admit my first reaction wasn't the technical detail. It was, here we go, another one with branding. Ever since Heartbleed we've been on this treadmill where a vulnerability isn't done until it has a logo, a snappy name, and occasionally its own domain. Part of me finds it faintly ridiculous, a CVE in a marketing costume.

The honest counterpoint is that it works. I remembered Heartbleed and patched it. I remember Spectre and Meltdown every single day, because I'm still paying for them in syscall latency. The nameless, CVE-numbered flaws, the ones that are arguably more dangerous because they're unglamorous, sail past unpatched precisely because nobody can hold them in their head. A logo is a terrible way to convey severity, and apparently also the most effective one we've got. I don't have to like it to admit it's working.