Intel CEO delivers open letter in wake of Meltdown, Spectre

The Meltdown and Spectre exploits have rocked the computing world, as chipmakers scramble to patch the vulnerabilities. Intel was particularly hard hit by the exploits, forcing the firm to double down on security updates for them.

Now, following his keynote address at CES 2018, Intel CEO Brian Krzanich has issued an open letter, outlining a three-point pledge to consumers. The pledge starts with “customer-first urgency”.

“By 15 January, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritised by our customers,” Krzanich noted.

The CEO also pointed to “transparent and timely communications” as the second part of the pledge.

“As we roll out software and firmware patches, we are learning a great deal. We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information,” Krzanich explained, directing users to Intel’s website for progress reports.

Read more: Processor exploits – what are affected companies saying?

Finally, the Intel CEO highlighted “ongoing security assurance” as the third and final part of the pledge.

“Our customers’ security is an ongoing priority, not a one-time event. To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.”

The open letter also comes after Krzanich was criticised for selling stock before the vulnerabilities were made public.