Intel, the American technology giant, recently discovered some critical security flaws in its processors but notified only a small group of customers, including some Chinese tech giants. Surprisingly, according to officials familiar with the matter, the company did not report the flaws to the U.S. government.
Not disclosing the flaws immediately to the U.S. government has raised several concerns for Intel. The limited disclosure could have allowed sensitive information about the chip flaws to fall into the hands of Chinese officials or to become known to the public, neither of which is in Intel's favor.
“The Google Project Zero team and impacted vendors, including Intel, followed best practices of responsible and coordinated disclosure,” an Intel spokesperson said. “Standard and well-established practice on initial disclosure is to work with industry participants to develop solutions and deploy fixes ahead of publication. In this case, news of the exploit was reported ahead of the industry coalition’s intended public disclosure date at which point Intel immediately engaged the US government and others.”
In its defense, an Intel spokesperson reportedly said that the company did not tell everyone about the security flaw because the news became public much earlier than expected, leaving no time to notify every company and customer. The explanation did not seem to please security editor Zack Whittaker, as is clear from the tweet he posted on 29th of January 2018.
This is grade A crap. Several people told me Meltdown/Spectre's planned disclosure was set for Jan. 9 but was revealed on Jan. 3 after a PoC came out. Based on WSJ, Intel was going to tell the US gov. only a week before disclosure?! It knew since June! https://t.co/DLusu37zoL pic.twitter.com/3s9COTub0C— Zack Whittaker (@zackwhittaker) January 28, 2018
The Meltdown and Spectre flaws are risky because they carry the potential to affect nearly everyone. Because the news could have impacted so many people, well-known security officials are not happy with Intel’s move. It is the responsibility of companies like Intel to notify their major partners before the news is made public to everyone.
For Intel, it was tricky to work out quickly whom to notify and when, while ensuring that the news did not spread to everyone. While such dynamics are highly sensitive, companies must take immediate steps to ensure issues are resolved before they are publicized.