Intel CEO Brian Krzanich published an open letter pledging an increased commitment to security, transparency, and collaboration.
Whether or not your view of Intel has been changed by the Meltdown/Spectre issue, we can probably all agree that Intel’s best option is come clean on the blunder. To that effect, Krzanich’s letter might be signaling at least some change to the way Intel does things.
Krzanich highlights Google’s involvement in discovering Meltdown/Spectre and also commits Intel to increased industry collaboration, at least on security matters.
To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.
Intel is also committing to greater transparency on the performance impact of the Meltdown/Spectre patches. It recently chose to publish its own benchmarks and said that more would be coming. Towards its patching efforts, Intel says all affected CPUs will have fixes by the end of January, but it didn’t commit to changing its strategy here.
This is already the second major security issue requiring large-scale patch deployment by Intel within three months, the first being the Intel ME issue. Doubtlessly, many systems still and forever will remain vulnerable to both these issues because they’re too old to patch or are simply forgotten about. Intel should more actively push its partners to release patches and release more comprehensive vulnerability detection tools which also tell customers where to get updates.
Krzanich’s letter is undoubtedly standard PR. With ongoing lawsuits and allegations of insider trading, Intel will probably have to do a lot more to regain consumers’ trust.
Were you expecting them to issue refunds for every cpu they have made since 1995?
At least he isn't asking for his life back.
Allmost all Intel CPU are to a certain degree defective, including my seven year old i7.
Now what? Intel has a virtually unsellable inventory. Only US chips have the probs. Makes you think.
Since this is a design flaw that really affects every processor sold since the WWW thing was invented, it's honestly not a design flaw I think manufacturers can be held responsible for. What I see here is more of a precursor on upcoming mass security issues we're bound to get once our four dimensional world is made obsolete by quantum computing. That day, there'll be an infinite amount of holes and backdoors found, every day.