Intel CEO Warns of Vulnerability, a Little Late

/
Intel.jpg

The CEO of Intel has bad news: a patch for a chip vulnerability will slow down computer operations. In an interview with Bloomberg, a technology analyst explains the typical process when finding security issues: companies find a bug and solve it before going public. However, this time, an issue known for perhaps a year went unsolved and was kept quiet—until now.

Bloomberg says chip makers had downplayed the effects of the patch, but CEO Brian Krzanich has finally described the issue:

“We believe the performance impact of these updates is highly workload-dependent. As a result, we expect some workloads may have a larger impact than others. As of now we have not received any information that these exploits have been used to retrieve customer data.”

In other words, the patch works but will slow down operations.

A technology analyst says this is the first time chip makers like Intel have gotten caught needing to admit a potential vulnerability, and it's unclear why it hasn't been fixed before this point.

Bloomberg reports on the secrecy and implications:

“Our first priority has been to have a complete mitigation in place,” said Intel’s Parker. “We’ve delivered a solution.”

Some in the cybersecurity community aren’t so sure. Kocher, who helped discover Spectre [a bug], thinks this is just the beginning of the industry’s woes. Now that new ways to exploit chips have been exposed, there’ll be more variations and more flaws that will require more patches and mitigation.

"This is just like peeling the lid off the can of worms," he said.

Image source.

Discussion:

  • In what ways did Intel avoid accountability? How did the avoidance affect the company? What would have been a more appropriate response to finding the bugs?
  • Distinguish between this computer vulnerability and vulnerability in interpersonal relationships. One is good; the other is not.
  • Read the Intel CEO's quote, above. It sounds jargony but was presented at CES, a conference of IT professionals. Did he use appropriate language, or does his word choice demonstrate a lack of transparency? What do you think?