5 Security Promises Made By Intel In The Wake Of The Meltdown, Spectre Vulnerabilities
Putting Security In The Driver's Seat
Intel CEO Brian Krzanich said in an open letter to Thursday that the Santa Clara, Calif.-based semiconductor vendor is continuing to work closely with technology partners to restore confidence in the security of its customers' data as quickly as possible.
"The degree of collaboration across the industry has been fantastic," Krzanich said. "I am very proud of how our industry has pulled together."
Intel has had a hectic January since news broke eight days ago that design flaws have left a gigantic portion of the world's computer processors vulnerable to two major exploits, which researchers named Spectre and Meltdown.
Researchers noted that the Meltdown flaw affects virtually every microprocessor made by Intel, whose chips used in more than 90 percent of the world's computer servers.
Here are five security-related promises Intel has made to its partners and customers this week.
Intel Will Issue Updates For 90 Percent Of Its Recent CPUs By Monday
Krzanich said in the open letter that Intel will have issued updates by Monday for at least 90 percent of the company's CPUs issued in the past five years. From there, Krzanich said Intel will update the remainder of the available CPUs by the end of January.
Intel will then focus on issuing updates for older products as prioritized by the company's customers, according to Krzanich.
Intel Will Provide Frequent Progress Reports Of Patch Progress
Krzanich committed in the open letter to providing frequent progress reports on patch progress, performance data and other information.
Intel has learned a great deal as it rolls out software and firmware patches, according to Krzanich. The company has found that impact on performance varies widely based on the specific workload, platform configuration and mitigation technique, Krzanich said.
Intel Will Add Funding For Security Threat Research
Krzanich in the open letter also pledged to publicly identify significant security vulnerabilities following rules of responsible disclosure.
Further, Krzanich said Intel will work with the industry to share hardware innovations that will accelerate industry-level progress in dealing with vulnerabilities like Meltdown and Spectre.
Intel will also commit to adding incremental funding for academic and independent research into potential security threats, according to Krzanich.
Intel Will Consolidate Its Cross-Company Efforts To Address The Vulnerabilities
The company this week established the Intel Product Assurance and Security (IPAS) group to consolidate Intel's cross-company efforts to address issues like Meltdown and Spectre. IPAS will be led by human resources chief Leslie Culbertson, and report directly into Krzanich.
"It is critical that we continue to work with the industry, to excel at customer satisfaction, to act with uncompromising integrity, and to achieve the highest standards of excellence," Krzanich said in a memo Monday obtained by The Oregonian. "Simply put, I want to ensure we continue to respond appropriately, diligently, and with a customer-first attitude."
Intel confirmed that other members of IPAS include: Josh Walden, head of Intel's new technology group; and Steve Smith, vice president and general manager of Intel's data center engineering group.
Intel Will Upgrade The Technology In Its Future Products To Maximize Security
Intel is already hard at work upgrading the technology in its future products to maximize security and performance, according to Navin Shenoy, executive vice president and general manager of Intel's data center group.
Shenoy said in an update Wednesday that the security of Intel's products and its customers data is the company's number one priority. Nevertheless, Shenoy indicated that Intel doesn't want to see the performance of its products impacted in any way.