Intel CEO Addresses the Industry on Meltdown and Spectre Issues in Open Letter
by Anton Shilov on January 11, 2018 10:15 PM EST
Brian Krzanich on Thursday published an open letter to Intel's partners and customers regarding the aftermath of the publication of the Meltdown and Spectre exploits. Intel's chief executive reiterated the company's plans to release security updates for its recent CPUs by early next week and mentioned the importance of collaborative industry-wide security assurance and responsible disclosure of security vulnerabilities going forward.
Intel intends to release software and firmware patches for 90% of its CPUs launched in the past five years by January 15. By the end of the month, Intel plans to issue software updates for the remaining 10% of processors introduced in the same period. After that, Intel will focus on releasing updates for older products based on the requests and priorities of its customers. The company confirms that the patches have an impact on performance and says that the impact varies widely based on workload and mitigation technique.
Going forward, the world’s largest maker of microprocessors plans to share hardware innovations with the industry to fast-track development of protection against side-channel attacks. In addition, the company intends to increase funding for academic and independent research of security threats. Brian Krzanich expects other industry players to follow similar practices: sharing security-related hardware innovations and helping researchers of security vulnerabilities.
The original letter reads as follows:
An Open Letter from Brian Krzanich, CEO of Intel Corporation, to Technology Industry Leaders
Following announcements of the Google Project Zero security exploits last week, Intel has continued to work closely with our partners with the shared goal of restoring confidence in the security of our customers’ data as quickly as possible. As I noted in my CES comments this week, the degree of collaboration across the industry has been remarkable. I am very proud of how our industry has pulled together and want to thank everyone for their extraordinary collaboration. In particular, we want to thank the Google Project Zero team for practicing responsible disclosure, creating the opportunity for the industry to address these new issues in a coordinated fashion.
As this process unfolds, I want to be clear about Intel’s commitments to our customers. This is our pledge:
1. Customer-First Urgency: By Jan. 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritized by our customers.
2. Transparent and Timely Communications: As we roll out software and firmware patches, we are learning a great deal. We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information. These can be found at the Intel.com website.
3. Ongoing Security Assurance: Our customers’ security is an ongoing priority, not a one-time event. To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.
We encourage our industry partners to continue to support these practices. There are important roles for everyone: Timely adoption of software and firmware patches by consumers and system manufacturers is critical. Transparent and timely sharing of performance data by hardware and software developers is essential to rapid progress.
The bottom line is that continued collaboration will create the fastest and most effective approaches to restoring customer confidence in the security of their data. This is what we all want and are striving to achieve.
— Brian Krzanich
Source: Intel
65 Comments
Questor - Friday, January 12, 2018
Let's leave politics out of this. Not all of us want it 24/7 from every angle. As for Intel, BINGO! Now they have been hit the hardest, they want everyone to share their toys so they won't be again. I say screw em. They got here by themselves, let them fix it by themselves.
FunBunny2 - Friday, January 12, 2018
"Now they have been hit the hardest, they want everyone to share their toys so they won't be again. I say screw em. They got here by themselves, let them fix it by themselves."
some folks have been warning about the perils of mono-culture in IT for some years. say hello to peril.
HStewart - Friday, January 12, 2018
Agreed - there is enough fake news in the political arena. It's basically the same problem in the tech industry with Intel. If someone is on top - they try to disgrace whoever or whatever, to justify picking the one or product that is not.
This security issue affects the entire computer industry and they bash Intel - who knows, they may even try to state Intel caused the entire thing.
Bringing politics into technical discussion shows lack of credibility for the person that brings it up. And especially not researching the information and making a response from a biased viewpoint is uneducated.
HStewart - Monday, January 15, 2018
Intel didn't do this - the one that come up with these problems - also it is not just Intel that has this problem - just there are people on the net that are extremely biased against Intel. I think the real problem started with IBM and possibly Microsoft with the original IBM PC. IBM desired to have a second source of CPUs with the original IBM PC designs - so AMD was designated to clone the Intel design - so imagine spending millions of dollars on design and being told that another company can also make it. To make it worse they make unofficial changes to the product and have people that want to say Intel is really bad -
Are we better off now - not sure, competition does make Intel push it to the limits - but what is the real competition of Intel now - maybe initially it was AMD but now it's ARM and smaller units - some may say 64 bit - but that 64 bit is just a natural extension of the original Intel 32 bit design and I believe it would have naturally come
Bullwinkle-J-Moose - Thursday, January 11, 2018
"We also commit to adding incremental funding for academic and independent research into potential security threats."
---------------------------------
I'm not entirely sure "security threats" means what you think it means, but fine.....
SHOW ME THE MONEY!
Pinn - Friday, January 12, 2018
Intel randomly gave me a cash bonus as a graduate intern awhile back. They can show the money.
Fx1 - Friday, January 12, 2018
So you got paid some money while doing free work! HAHAHA. interns.. that's funny. only in the USA..
Pinn - Monday, January 15, 2018
Free work? I got 1.5x what I made after getting my BS computer engineering (amusingly at Intel as well). The MS is computer engineering. I suppose benefits and some other bonuses would make things a bit more equal.
FunBunny2 - Friday, January 12, 2018
"Intel randomly gave me a cash bonus as a graduate intern awhile back. They can show the money."
ah, your kind will be replaced by Medicaid recipients working off their healthcare "gift". sort of like outsourcing to poor countries without the bother of travel. :)
Pinn - Monday, January 15, 2018
I don't think a single word here makes sense. Maybe the :) makes sense.