Intel CEO Addresses the Industry on Meltdown and Spectre Issues in Open Letter
by Anton Shilov on January 11, 2018 10:15 PM ESTBrian Krzanich on Thursday published an open letter addressing its partners and customers regarding the aftermath of the Meltdown and Spectre exploits publication. Chief executive of Intel reiterated the company’s plans to release security updates for its recent CPUs by early next week and mentioned the importance of collaborative industry-wide security assurance and responsible disclosures regarding security vulnerabilities going forward.
Intel intends to release software and firmware patches for 90% of its CPUs launched in the past five years by January 15. By the end of the month, Intel plans to issue software updates for the remainder 10% of processors introduced in the same period. After that, Intel will focus on releasing updates for older products based on requests and priorities of its customers. The company confirms that patches have an impact on performance and says that it varies widely based on workloads and mitigation technique.
Going forward, the world’s largest maker of microprocessors plans to share hardware innovations with the industry to fast-track development of protection against side-channel attacks. In addition, the company intends to increase funding for academic and independent research of security threats. Brian Krzanich expects other industry players to follow similar practices: share security-related hardware innovations and help researchers of security vulnerabilities.
The original letter reads as follows:
An Open Letter from Brian Krzanich, CEO of Intel Corporation, to Technology Industry Leaders
Following announcements of the Google Project Zero security exploits last week, Intel has continued to work closely with our partners with the shared goal of restoring confidence in the security of our customers’ data as quickly as possible. As I noted in my CES comments this week, the degree of collaboration across the industry has been remarkable. I am very proud of how our industry has pulled together and want to thank everyone for their extraordinary collaboration. In particular, we want to thank the Google Project Zero team for practicing responsible disclosure, creating the opportunity for the industry to address these new issues in a coordinated fashion.
As this process unfolds, I want to be clear about Intel’s commitments to our customers. This is our pledge:
1. Customer-First Urgency: By Jan. 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritized by our customers.
2. Transparent and Timely Communications: As we roll out software and firmware patches, we are learning a great deal. We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information. These can be found at the Intel.com website.
3. Ongoing Security Assurance: Our customers’ security is an ongoing priority, not a one-time event. To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.
We encourage our industry partners to continue to support these practices. There are important roles for everyone: Timely adoption of software and firmware patches by consumers and system manufacturers is critical. Transparent and timely sharing of performance data by hardware and software developers is essential to rapid progress.
The bottom line is that continued collaboration will create the fastest and most effective approaches to restoring customer confidence in the security of their data. This is what we all want and are striving to achieve.
— Brian Krzanich
Related Reading:
Source: Intel
65 Comments
View All Comments
Hurr Durr - Friday, January 12, 2018 - link
Exactly, this very quote.Pork@III - Friday, January 12, 2018 - link
Happy performance reductions, especially for older processors! Well, if it's not planned aging, then what do you do?ceisserer - Friday, January 12, 2018 - link
1. No single word of excuse, instead they are "very proud of how our industry has pulled together".2. They had 6 months to prepare, yet they still have not even all microcode updates ready for CPUs sold in the last 5 years. Worse, my Arrandale laptop still in use will stay unfixed.
Hurr Durr - Friday, January 12, 2018 - link
Making excuses is the last thing you want to do in any situation.IGTrading - Friday, January 12, 2018 - link
I feel sorry for all those clients were I've advised the Intel option, due to the particularities of their workload and production scenario.Often times it was for some extra performance Intel's chips were offering or some extra energy efficiency, but now most of that will be completely negated by the loss of performance and the cost of the unplanned upgrade.
This is a complete mess and we're in it because the market has allowed such an entity to have so much power , influence and money.
They do say markets regulate themselves, but obviously if you look at how the global x86 and the HDD markets look, they obviously don't do no "regulation" except the one on us, the customers.
After being tried and convicted in 6 different countries on 3 different continents for highly illegal actions, Intel should have been seen with different eyes in the "educated" , "modern" , "objective" western world.
But that obviously has never happened. Money rules everything : press , authorities & governments and that's life.
Does anybody wonder how AMD's Mullins never got one SINGLE design win in the tablet world despite being over 60% faster and way more capable and efficient than Intel's Atom ?!
4 billion USD per year from Intel is the explanation.
The whole world bought useless, unproductive Intel-based tablets. They've realized they're useless and now the tablet market is shrinking.
Too bad we can live without tablets, but we can't live without workstations, laptops and servers.
What a mess a single company can make ...
kmi187 - Friday, January 12, 2018 - link
'What a mess a single company can make ..."That is the risk of having one company own 80% or more of the x86 & x64 market.
They don't screw things up often, but when they do ... the repercussions are immense.
Hurr Durr - Friday, January 12, 2018 - link
Makes sense AMD shill will be a commie as well.FunBunny2 - Friday, January 12, 2018 - link
"Too bad we can live without tablets, but we can't live without workstations, laptops and servers."but, but, but... the pundits have been telling us for years that the tablet is the new desktop!!!! and the Watch will diagnose whatever ails you. in a while.
serendip - Friday, January 12, 2018 - link
I'm surprised you brought up Mullins. That chip never got a design win with anyone, not even cheap Chinese OEMs, and Cherry Trail SoCs are still being used in Windows tablets. I'm crazy enough to use Bay Trail and Cherry Trail tablets as my main Windows machines - I think they're fine for basic usage but their GPUs are woeful. A faster Mullins GPU would have meant snappier UI and accelerated web rendering.Water under the bridge, I guess. I'd hate for Spectre and Meltdown patches to slow down an already slow Bay Trail machine.
13xforever - Friday, January 12, 2018 - link
All I want is a roadmap with ALL the CPUs they're planning to patch, preferably with a time table.