Intel CEO Addresses the Industry on Meltdown and Spectre Issues in Open Letter
by Anton Shilov on January 11, 2018 10:15 PM EST
Brian Krzanich on Thursday published an open letter addressing its partners and customers regarding the aftermath of the Meltdown and Spectre exploits publication. Chief executive of Intel reiterated the company’s plans to release security updates for its recent CPUs by early next week and mentioned the importance of collaborative industry-wide security assurance and responsible disclosures regarding security vulnerabilities going forward.
Intel intends to release software and firmware patches for 90% of its CPUs launched in the past five years by January 15. By the end of the month, Intel plans to issue software updates for the remainder 10% of processors introduced in the same period. After that, Intel will focus on releasing updates for older products based on requests and priorities of its customers. The company confirms that patches have an impact on performance and says that it varies widely based on workloads and mitigation technique.
Going forward, the world’s largest maker of microprocessors plans to share hardware innovations with the industry to fast-track development of protection against side-channel attacks. In addition, the company intends to increase funding for academic and independent research of security threats. Brian Krzanich expects other industry players to follow similar practices: share security-related hardware innovations and help researchers of security vulnerabilities.
The original letter reads as follows:
An Open Letter from Brian Krzanich, CEO of Intel Corporation, to Technology Industry Leaders
Following announcements of the Google Project Zero security exploits last week, Intel has continued to work closely with our partners with the shared goal of restoring confidence in the security of our customers’ data as quickly as possible. As I noted in my CES comments this week, the degree of collaboration across the industry has been remarkable. I am very proud of how our industry has pulled together and want to thank everyone for their extraordinary collaboration. In particular, we want to thank the Google Project Zero team for practicing responsible disclosure, creating the opportunity for the industry to address these new issues in a coordinated fashion.
As this process unfolds, I want to be clear about Intel’s commitments to our customers. This is our pledge:
1. Customer-First Urgency: By Jan. 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritized by our customers.
2. Transparent and Timely Communications: As we roll out software and firmware patches, we are learning a great deal. We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information. These can be found at the Intel.com website.
3. Ongoing Security Assurance: Our customers’ security is an ongoing priority, not a one-time event. To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.
We encourage our industry partners to continue to support these practices. There are important roles for everyone: Timely adoption of software and firmware patches by consumers and system manufacturers is critical. Transparent and timely sharing of performance data by hardware and software developers is essential to rapid progress.
The bottom line is that continued collaboration will create the fastest and most effective approaches to restoring customer confidence in the security of their data. This is what we all want and are striving to achieve.
— Brian Krzanich
Related Reading:
Source: Intel
Facebook
Twitter
RSS
65 Comments
View All Comments
jjj - Thursday, January 11, 2018 - link
Intel has about as much credibility as Trump and their current actions are no different than the decades of BS. They went too far with the spin, folks got angry and now they are backing off, promising to behave.Look at their shared perf numbers , they conveniently forget to note that older CPUs will see a larger impact and ofc there is no word on power consumption. They call that transparency.
There will be nothing but BS form Intel , talk is cheap while doing the right thing costs money.
Bullwinkle-J-Moose - Thursday, January 11, 2018 - link
"they conveniently forget to note that older CPUs will see a larger impact"-------------------------------------------------------------------------------------------------
Only when using Windows 7 / 8 or 10 where the MS firewall cannot be "completely" replaced
I can block java and anything else I want in an aftermarket firewall for XP and still use the Internet with no worries of malware so I won't be seeing a slowdown here as I won't be getting "the Fix" for meltdown
Secure boot platforms will not be able to avoid the problem however as the back doors cannot be closed by the end users and will require "the Fix"
Bullwinkle-J-Moose - Thursday, January 11, 2018 - link
Correction..."Most" secure boot platforms can cannot run Windows XP
Bullwinkle-J-Moose - Friday, January 12, 2018 - link
Not for meltdown, but....
New Google Fix claims ZERO IMPACT to performance >
http://www.zdnet.com/article/google-our-brilliant-...
dgingeri - Friday, January 12, 2018 - link
If you think you can run XP and still surf the internet safely, then you have far more issues than operating systems.Bullwinkle-J-Moose - Friday, January 12, 2018 - link
"If you think you can run XP and still surf the internet safely, then you have far more issues than operating systems."--------------------------------
Yes, the biggest issue is all the Trolls at this site!
Using XP-SP2 without any MS security updates and an antivirus that expired 2 years ago and not getting infected by any malware even when searching for the worst types of malware
It's easy for a real Windows security expert to lock down XP to prevent persistent threats of any kind
Just make your OS Read Only and stop using Java & Flash
Any remaining threats are easy to stop as long as you have a quality aftermarket firewall and a few additional tweaks
It is not used for banking and no passwords are ever entered so not worried about the latest temporary memory hack of the week
But it is indestructible and reliable for security research
HStewart - Friday, January 12, 2018 - link
"Yes, the biggest issue is all the Trolls at this site!"But I seem worst sites - actually I left one that was so bias the site lost total creditability for me.
In the end the trolls on sites don't mean anything. One should purchase on your experience and not make it based on other opinions. I will clearly state - I prefer Intel products - this is because I have 3 decades of experience in technical area - and for me personally I had bad experience with ATI. But I also own a Xbox One S primary for UHD 4K playback and also a couple of Samsung Galaxy tablets and I been using iPhone since iPhone 3. But if you want to used AMD or another product go ahead - but don't tell me that Intel has no creditability and bring it as political debate without any merit.
Bullwinkle-J-Moose - Friday, January 12, 2018 - link
"but don't tell me that Intel has no creditability and bring it as political debate without any merit."------------------------------------------------------------------------------------------------------------------------------
I would never do that Stewie
ALL of the computers I use are INTEL
Others have given me Apple devices and AMD computers over the years but I would never use them as a primary (or even secondary) device
INTEL is Great when I can run any compatible O.S. and not be forced to use what Microsoft graciously allows me to use
You have me beat with your 3 decades of experience however as I only have 29 years experience with INTEL ONLY!
HStewart - Monday, January 15, 2018 - link
I actually have an original IBM PC - but 256K version in my closet somewhere.Intel is no different than any other CPU running on x86 about Windows - you have other choices just you have deal with their quirks of installation - for awhile I was actually work with OS/2
One thing and it maybe just slang please don't shorten my name. Maybe I should used unreal name also.
0ldman79 - Tuesday, January 16, 2018 - link
I really don't understand how folks actually depend on MS to keep the OS secure.Don't depend on Microsoft for your security and you can keep XP, Vista, 7, 8, 10, whatever, secure.
How hard is this to understand?