5 Questions Partners Have For Intel About Spectre And Meltdown Ahead Of Its Q4 Earnings

Putting The Pressure On Intel

Intel is reporting its fourth-quarter earnings on Thursday, but partners are looking for much more beyond the company's financials during the call.

Partners and investors are calling on Intel to directly address the Spectre and Meltdown security flaws, which are side-channel security gaps that impact both older and newer Intel chips. The revelation of these flaws – and Intel's subsequent rush to issue botched patches for them – has left many channel partners wondering what the next steps are for the chip company.

Analysts polled by Thomson Reuters have predicted Intel earnings of 86 cents on sales of $16.34 billion, up from earnings of 79 cents in the same quarter last year.

Here are five big questions about the Spectre and Meltdown security flaws that partners want Intel CEO Brian Krzanich to address on the earnings call.

Have there been any actual exploits of the Spectre and Meltdown flaws?

The exploits behind the Spectre and Meltdown flaws themselves, which account for three variants of a side-channel analysis security issue in server and PC processors, potentially could enable hackers to access protected data.

While the vulnerabilities leave Intel chips open to hacking attacks, so far there is no evidence that hackers have exploited the vulnerabilities. Partners, for their part, want more definitive answers from Intel on if there have been any actual exploits of the Spectre and Meltdown flaws.

"We haven't heard of any real exploits of this [flaw]," said Marc Harrison, president of Silicon East, a Marlboro, N.J.-based solution provider.

What's going on with Intel's faulty patches and what impact will that have on customers?

Intel has worked to issue patches for the Spectre and Meltdown exploits, but the Santa Clara, Calif.-based company last week acknowledged that some companies are reporting reboot issues with both older and newer chips for both client compute and data center after they patched their devices.

The impacted CPUs included Intel's Broadwell, Haswell, Ivy Bridge, Sandy Bridge, Skylake and Kaby Lake platforms. Partners are demanding answers about what Intel's strategy is for issuing patches moving forward – and what kind of performance hit customers who have already issued patches can expect.

"Patching can take a performance hit on what the processors can handle," said Barrett Lamothe, federal sales team lead at MicroAge, a Tempe, Ariz.-based Intel partner. "That downstream affects the virtual machines running on Intel hardware."

When will new patches for Spectre and Meltdown be available?

Intel said in a post that it has "now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it." The company said it has started rolling out an early version of the updated solution to partners for testing, and will make a final release that will become available after the testing has been completed.

Intel did not mention its newer chips, including Skylake and Kaby Lake. The company's last updates on these newer chips explained that it has reproduced the issues internally and is working to identify the cause.

But partners want more definitive answers on when the patches will be available for both newer chips – including Kaby Lake and Skylake platforms – as well as older chips like Broadwell and Haswell.

What is Intel's security strategy moving forward?

In the wake of the Meltdown and Spectre security flaws, Intel established the Intel Product Assurance and Security (IPAS) group to consolidate Intel's cross-company efforts to address issues like Meltdown and Spectre. IPAS will be led by human resources chief Leslie Culbertson. Partners want to keep tabs on this group's strategy around security, as well as updates on Intel's overall security efforts.

"Intel has their security guys on this issue … the fact that, in the past, they have invested in McAfee and other security companies over the years leads me to believe that they're in a good position now and moving forward," said MicroAge's Lamothe.

What can the channel do?

Partners also want a clear outline of what the channel's role is and how they can keep customers up to date in the wake of the Spectre and Meltdown flaws.

"Customers will have lots of questions so such instances show why VARs are their clients' trusted advisers as it’s not as simple as just installing the latest patch updates," said Kent Tibbils, vice president of marketing at ASI, Fremont, Calif. "So there may not be a monetary opportunity but there is clearly a partnership-building opportunity that can strengthen the bond between VAR and client through education and guidance."