The CEO of Intel Brian Krzanich has enclosed an open letter to the rest of the technology industry, following the ‘Meltdown’ and ‘Spectre’ hardware-based vulnerabilities that impact its processors. Intel has been providing cleverly worded statements and altering its guidance on performance issues related to security fixes.
But at present, the company mentions it is ready to be transparent. Krzanich admits, “As we roll out software and firmware patches, we are learning a great deal”. “We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique”.
Now Intel is planning to offer “frequent progress reports of patch progress, performance data, and other information” over at Intel’s dedicated Spectre and Meltdown site.
Intel’s commitment to its customers-
Krzanich promises that by January 15, 90percent of Intel CPUs produced in the last five years will be updated and the remaining 10percent patched by the end of the month. The company will start working on updates for the older chips ‘as prioritized by (its) customers’.
Transparent and Timely communications
As the company rolled out software and firmware patches. Krzanich added, “We know that impact on performance varies widely, based on the specific workload, platform configuration, and mitigation technique. We commit to providing frequent progress reports of patch progress, performance data, and other information”. All these can be can found on the website of Intel (intel.com).
Ongoing security Assurance
The Intel CEO also commits to help fund academic and independent research into possible security issues in the future. He mentions, “To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats”.