Intel has managed to ruffle quite a few feathers after Google’s Project Zero division recently disclosed several serious security vulnerabilities in Intel’s CPUs. The vulnerabilities, dubbed “Meltdown” and “Spectre,” could have put the personal information of millions of users at risk if left unchecked.
Fortunately for Intel customers, patches have been quick to roll out across most affected devices, ranging from Windows-based PCs to iOS and Android smartphones. There is a catch, though – these patches have come at the cost of system performance, with Intel’s own benchmarks revealing that users could experience up to a 10 percent performance loss depending on the tasks they perform with their machine.
Regardless, Intel seems committed to doing better in the future, at least as far as transparency and “timely communications” go. Intel CEO Brian Krzanich issued an open letter to tech industry leaders today in which he made the following “security-first” pledge:
1. Customer-First Urgency: By Jan. 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritized by our customers.
2. Transparent and Timely Communications: As we roll out software and firmware patches, we are learning a great deal. We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information. These can be found at the Intel.com website.
3. Ongoing Security Assurance: Our customers’ security is an ongoing priority, not a one-time event. To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.
“We encourage our industry partners to continue to support these practices,” Krzanich said regarding his pledge. “…Timely adoption of software and firmware patches by consumers and system manufacturers is critical.” Further, the CEO said the open sharing of performance data by hardware and software developers would be essential to “rapid progress” moving forward.