uploads///A_Semiconductors_INTC Spectre and Melatdown timeline

Why Intel Delayed Public Disclosure of the Meltdown and Spectre Flaws

By

Mar. 13 2018, Updated 7:30 a.m. ET

US authorities questions tech companies over Meltdown and Spectre disclosure

In the preceding part of this series, we discussed how Intel (INTC) is working out a solution for the Spectre and Meltdown design flaws. But Intel and its fellow technology companies affected by the flaws didn’t reveal the issue immediately, even while they were working on the solution for it. The flaws were leaked by the Register, in fact, and not by Intel.

It appears that even US authorities learned of the flaws through the news leak from the Register. US House Energy and Commerce Committee Chair Greg Walden sent letters to the seven tech firms—Intel, Google (GOOG), Advanced Micro Devices (AMD), ARM, Apple, Amazon.com (AMZN), and Microsoft (MSFT)—that were a part of the Meltdown and Spectre disclosure cabal, asking for their reasons for not disclosing what they knew about these flaws.

Article continues below advertisement

Intel justifies its actions over its lack of disclosure 

In response, Intel stated that its action of limited disclosure was in line with industry standards for vulnerability disclosure and incident response set out by the US-CERT (Computer Emergency Readiness Team).

In its response letter, Intel stated that it disclosed the information about the chip flaws only to those companies that could help it improve security. The embargo of seven tech companies gave the three chipmakers—Intel, AMD, and ARM—90 days time to fix the design flaws before disclosing them to the public. However, these companies extended the deadline to January 9, 2018, and Intel decided to disclose the news on that day.

But the news was leaked on January 2, 2018, and Intel immediately briefed the issue to the US-CERT and accelerated its plans to deploy software fixes. The company announced plans to make hardware changes to its next-generation chips and address Spectre and Meltdown by the end of 2018.

As this news of security vulnerabilities was leaked by a new agency and not by Intel, it attracted many class action lawsuits for Intel and AMD. We’ll discuss this further in the next part of this series.

Advertisement

More From Market Realist

  • CONNECT with Market Realist
  • Link to Facebook
  • Link to Twitter
  • Link to Instagram
  • Link to Email Subscribe
Market Realist Logo
Do Not Sell My Personal Information

© Copyright 2021 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.