Pretty much right on cue, Intel CEO Brian Krzanich issued an open letter Thursday in which he again praised the tech industry’s collaboration in the wake of the Meltdown and Spectre security flaws unearthed last week. The overriding idea, he said, is to earn back customer confidence “as quickly as possible.”
Ironically, the message comes around the same time that Intel found some patches cause problems with older chips.
Still, Krzanich’s message, directed at technology industry leaders, did more than just reiterate his keynote remarks at CES this past Monday -- it also laid out the chip maker’s three-point security pledge to customers. Krzanich, who seemingly wants to cover all the necessary bases, vowed that Intel will be better on updates, reports and assurances (see below).
(Quick rewind: Last week, Google Project Zero and other researchers discovered Spectre and Meltdown, two staggering security flaws that affect systems running Intel’s, AMD’s and Arm’s chips dating back some 20 years. Both Meltdown and Spectre enable cyber intruders to pilfer data, including encryption keys and passwords, from chips. Word of the vulnerabilities drove Amazon, Google, Microsoft and other computer and device makers to swiftly issue software and firmware fixes.)
Intel Tries to Mend Cybersecurity Fences
And, we’re back... With Meltdown and Spectre both carrying the potential to menace the CPU and device world, Krzanich said he wants to be “clear about Intel’s commitments to our customers.” Here’s Intel’s pledge, in Krzanich’s words:
- Updates: By January 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritized by our customers.
- Communications: We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information.
- Assurance: To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks.
Krzanich also said that Intel will allocate “incremental funding” to academics and independent researchers to mine for potential security threats. In addition, he urged the industry to support the same three practices that Intel has. “There are important roles for everyone: Timely adoption of software and firmware patches by consumers and system manufacturers is critical. Transparent and timely sharing of performance data by hardware and software developers is essential to rapid progress,” he said.
And, he again called on the tech industry to work together to find and close security vulnerabilities ahead of the cyber gangsters. After all, it’s what everyone wants, he said.