Intel didn’t warn US-CERT of Meltdown and Spectre until hacks were public

Letters to lawmakers say Intel took six months to tell the US government about the exploits

Some of the world's biggest tech firms have written to lawmakers to complain that Intel didn't warn US cyber security officials about the Meltdown and Spectre chip security bugs until they went public.

In the letters, the companies, which include tech giants Alphabet, Apple and ARM, said Intel didn't make the issue known to the United States Computer Emergency Readiness Team (US-CERT), until they leaked to the masses at the turn of the year.

The letters, sent on Thursday in response to questions from Republican senator Greg Walden, who chairs the House Energy and Commerce Committee, claimed Intel took a full six months to notify the government's digital security body after Google's security researchers notified it in June.

That notification started the 90-day notice period for the chip giant to fix the issues before telling the world. But, Intel didn't inform US-CERT until 3 January, quite some time after the Meltdown and Spectre bugs had begun to spread. This has led to current and former US government officials raising concerns because the flaws potentially held national security implications.

However, Intel has said that it didn't believe the flaws needed to be shared with US authorities as hackers had not exploited the vulnerabilities.

"Intel and other industry participants were following the guidelines supported by US-CERT's Coordinated Vulnerability Disclosure (CVD)," an Intel spokeswoman said in an emailed statement.

In Intel's letter, the firm stated: "The collaboration between Intel and others in the technology industry regarding the disclosure and mitigation of these vulnerabilities was done in accordance with widely accepted principles commonly referred to as responsible disclosure'."

Intel said this "responsible disclosure" is based on two foundational concepts: First, it said it's about when companies become aware of security vulnerabilities, they work as quickly, collaboratively, and effectively as possible to mitigate those vulnerabilities.

Secondly, it said it's about companies taking steps to minimise the risk that exploitable information becomes available before mitigations are released through leaks or otherwise to those who would use it for malicious purposes.

"While one can debate the details of how best to execute responsible disclosure in specific incidents, Intel agrees with the prevailing industry view that in general responsible disclosure is the best practice because it maximises information security while minimising risk to end-user,", the chipmaker explained.

"Security vulnerabilities vary in their complexity and seriousness, and under responsible disclosure, Intel and other technology companies have identified and fixed many security vulnerabilities over the years."

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020
Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020
British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020

Most Popular

Unilever adopts Google Cloud’s complex data processing for conservation drive
big data analytics

Unilever adopts Google Cloud’s complex data processing for conservation drive

22 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020