Intel promises speedy exploit patches in its Security-First Pledge

Yesterday, Intel released an open letter, authored by none other than the company's CEO Brian Krzanich, praising the industry for its response to the Meltdown and Spectre attacks. In the letter, Krzanich expresses his thanks to other companies and groups involved in the detection, disclosure, and mitigation of the flaws, and explicitly names Google's Project Zero team. He then goes on to clarify Intel's "commitment to [its] customers," which refers to three pledges regarding continued exploit mitigation work.

Starting off, Krzanich says that "90% of Intel CPUs introduced in the past five years" will have mitigation patches in place for the security flaws by January 15. He also promises that the remainder of those products will have patches out by the end of January, and then says the company will continue to issue fixes for older products "as prioritized by [its] customers." There are no specifics beyond that, however.

Intel's CEO then goes on to remark that Intel is "learning a great deal" from working on the mitigation patches. He says that "impact on performance varies widely" and that the company is committed to laying out progress reports and performance data like the results we reported on yesterday.

Finally, Krzanich pledges to release details of significant security vulnerabilities while "following rules of responsible disclosure." Intel will also commit to "[sharing] hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks."

Considering the scope and impact of Meltdown and Spectre, we expect we'll be talking about about the exploits and mitigation measures for a while.

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.