Intel Pledges To Put Security First After Meltdown, Spectre

Intel CEO Brian Krzanich published an open letter pledging an increased commitment to security, transparency, and collaboration.

Whether or not your view of Intel has been changed by the Meltdown/Spectre issue, we can probably all agree that Intel’s best option is come clean on the blunder. To that effect, Krzanich’s letter might be signaling at least some change to the way Intel does things.

Krzanich highlights Google’s involvement in discovering Meltdown/Spectre and also commits Intel to increased industry collaboration, at least on security matters.

To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.

Intel is also committing to greater transparency on the performance impact of the Meltdown/Spectre patches. It recently chose to publish its own benchmarks and said that more would be coming. Towards its patching efforts, Intel says all affected CPUs will have fixes by the end of January, but it didn’t commit to changing its strategy here.

This is already the second major security issue requiring large-scale patch deployment by Intel within three months, the first being the Intel ME issue. Doubtlessly, many systems still and forever will remain vulnerable to both these issues because they’re too old to patch or are simply forgotten about. Intel should more actively push its partners to release patches and release more comprehensive vulnerability detection tools which also tell customers where to get updates.

Krzanich’s letter is undoubtedly standard PR. With ongoing lawsuits and allegations of insider trading, Intel will probably have to do a lot more to regain consumers’ trust.

  • dextermat
    Oh wow another excuse like BP ceo spills after spills after spills....
  • derekullo
    20585507 said:
    Oh wow another excuse like BP ceo spills after spills after spills....

    Were you expecting them to issue refunds for every cpu they have made since 1995?

    At least he isn't asking for his life back.

  • nitrium
    If a car company tried to pull the crap Intel has, i.e. selling a car with defective air bags and the fix is to make it drive slower, they'd be out of business. I think everyone who has bought an Intel CPU in the last 5 years should be fully refunded even if it bankrupts them. If the rule of law still existed and Intel wasn't deemed "too big to fail" they'd be forced to do just that.
  • kep55
    Where have we heard that before? Oh yeah. Microsoft, Intel, Apple...
  • redgarl
    I lost my confidence in Intel forever. I will never buy their CPU or product ever again in my life. I will give the chance to AMD now on. I am a user who was switching side at every generation... no more. The more I learn about Intel, the more it disgusts me.
  • ibm650
    so will they patch the older cpus? I have an I7 2600, still plenty fast
  • marcelo_vidal
    What i've Learn with Intel if some one says it have the best product don't get it. Because who is telling that have some dirt money in the pockets. Every single bit is running a favor of Intel and now what we get? A slowly machine and badly protection. I swear the god. No one coy can be better than the sandy bridge. Slow in some bench but it can run 3 4 programs at same time. Try it on a newer i7. I wish bad my old sandy.
  • thuck777
    I am not willing to sacrifice the kind of performance noted for my Windows 7 laptop running a Sandy Bridge i7 CPU. That is stupid, especially given that there really is NO threat. Now that so many systems are going to be updated, there is little reason for any scumbags to try to exploit these vulnerabilities, IMO. From my perspective, the cure is far worse than the disease, especially on older hardware / OS combinations. It just is not worth it. So, I believe Microsoft should make a way to have these patches be OPTIONAL and AVOIDABLE and UNINSTALLABLE. This is crap!
  • mischon123
    The Intel CEO sold a large pack of stock a year ago...not seen much reporting.
    Allmost all Intel CPU are to a certain degree defective, including my seven year old i7.

    Now what? Intel has a virtually unsellable inventory. Only US chips have the probs. Makes you think.
  • therealduckofdeath
    Nitrium, car analogies are still as irrelevant as they were when that whole thing started back in the 90's. Your car costs hundreds times more than your phone. Your car can have fatal accidents or serious environmental effects if it fails.
    Since this is a design flaw that really affects every processor sold since the WWW thing was invented, it's honestly not a design flaw I think manufacturers can be held responsible for. What I see here is more of a precursor on upcoming mass security issues we're bound to get once our four dimensional world is made obsolete by quantum computing. That day, there'll be an infinite amount of holes and backdoors found, every day.