How does the vim exploit influence high performance computing?

There was recently an exploit in vim, and here is a nice set of examples to show how it worked, and also how to check and fix your computer. I wanted to bring this up for discussion on this board because I’m interested in a few questions. I’m not a security expert, and I’d guess others would be interested also to know:

  • How are these exploits discovered?
  • What is the protocol for an individual or institution to take once it’s out? For example, if you run a cluster with thousands of nodes, what do you do? Are there rules around this?
  • How would anyone know if they had been hacked anyway?
  • It’s not always clear from the news if/when package managers are going to provide fixes (for example, linked above is a fix via a commit in GitHub). How can a user know if/when a package manager fix is available?

And of course any other wisdom you have about this! I’m generally interested in learning more about security practices.

CentOS 7.6 is not affected.