Spectre is a side effect of speculative execution. If you don't know what speculative execution is, read a computer architecture textbook. It has been in use since ... I'm not sure I know 100%, but I think the IBM 360-91 (which was built in the mid 1960's as a high-performance supercomputer) had speculative execution. So that part has been around for over 50 years.
The problem with Spectre is an interaction between speculative execution and caches: While the not-taken part of speculative execution should have no effect on the ISA (in a nutshell, on the state of the computer as observable through a valid program), it has a tiny side effect: the speculative execution could have loaded data into the cache, and the effect of that is visible by studying the timing of future accesses. This is a classic side-channel attack. It's like the old joke: to measure whether there is international tension or not, just measure the number of late-night pizza deliveries to the pentagon.
CPU cache have been around since ... forever too. The first cache I'm aware of is in the IBM 360-67, which was built also in the mid-60s as a timesharing machine with virtual memory. Again over 50 years. I'm going to bet that if a real expert worked through it, they could find vulnerabilities that are like Meltdown and Spectre even in machines of the 1970s, when big mainframe computers had technologies that very much resemble what is available in microprocessors now. Unfortunately, that's going to be hard ... to my knowledge, there are no functioning 360, 370 or Cyber machines left in the world (there are lots of older and smaller machines, like IBM 1401, or PDP-9, -10 and -15, and even a lot of VAXes, I have two myself, but no mainframes based on discrete transistors or vacuum tubes).
So, you want to know why there is no "post mortem"? There are, dozens of them. Look at the wikipedia article for Spectre, and you will find links to the announcements and analysis (those typically have names that start with "CVE"). Read them carefully.
Whodunnit? Who found them? Security researchers, at academia and in industry. Who created the vulnerability? Whoever designed the CPUs. Given that nearly all modern CPU chips (those that have speculative execution and caches) have this problem, it's really hard to assign blame to one particular party. Sure, the typical Wintel-Haters will immediately claim that this is Microsoft's and Intel's fault. And to some extent they will be right: Given that Intel has 90% market share in CPUs used in computers (for some definition of "computer"), 90% of the machines with these vulnerabilities will be made by Intel (duh), so let's get mad at Intel. Obviously, this is very stupid. But there are lots of stupid people around (observe, as an example, the current President of the USA).
Where does the decision come from? The wish of the people who have been building CPUs for the last 50 years to give their customers machines that are (a) fast, (b) inexpensive, (c) power-efficient. With today's silicon, that requires techniques such as parallelism (meaning speculative execution as one way to have parallelism), and multiple layers in the memory hierarchy (meaning caches). It seems that CPU designers didn't think about a very low-bandwidth information leakage side channel that happens when you have both. The general concept of interaction of caches with side-channels has been known for at least a decade; I discussed it with colleagues in the context of storage subsystems (disks and RAID controllers) a long time ago, but I was not involved in CPU design. We decided that the risk and bandwidth were so ludicrously low for storage that it wasn't worth thinking about. Maybe people involved in CPU design also thought about it and rejected it being a significant risk; or maybe they didn't think about it. The important thing to remember is: those people are not evil, nor stupid. They are trying really hard to give CPU customers that what CPU customers have been clamoring for: chips that are "good, cheap, fast".
Really, if you want to get upset about something, and demand inquisition-like punishment (like reviewing design decisions), please (a) become an expert in CPU design first, and (b) look in other places where are much larger dangers. Really, the current political tendencies in most western countries are a much larger danger to human happiness than an obscure and difficult to exploit security bug in a chip. I worry much more about Bolsenaro, Urban, Brexit, Trump, and Kaczynski than about Spectre and Meltdown.
