Date: 2018-01-25

US lawmakers press AMD, Apple, Intel, Microsoft and more over Meltdown and Spectre security embargo

US LAWMAKERS are pressing Intel, Microsoft, AMD, Apple and others to explain their silence over the Meltdown and Spectre CPU flaws.

When Meltdown and Spectre were first discovered in June 2017, the big tech firms all agreed to keep their traps shut about it until a fix was figured out. They had planned to then fess up on 9 January 2018.

The Register rather messed up that plan by reporting on the flaws a week ahead of schedule, with the website claiming it wasn't aware of the embargo the tech firms had placed on Meltdown and Spectre.

From there, the whole thing exploded, with Google posting technical details on the flaws on 3 January, and more technical information following from the likes of ARM and AMD.

All this furore has led to four Republicans from the US House of Representatives penning letters to various tech behemoths demanding that they shed more light on the embargo and how Meltdown and Spectre were handled.

The letters were sent to the likes of Apple's Tim Cook, Google's Sundar Pichai, and Microsoft's Satya Nadella, to name but a few.

"While we acknowledge that critical vulnerabilities such as these create challenging tradeoffs between disclosure and secrecy, as premature disclosure may give malicious actors time to exploit the vulnerabilities before mitigations are developed and deployed, we believe that this situation has shown the need for additional scrutiny regarding multi-party coordinated vulnerability disclosures," the letter states.

It argues that the collective silence of the big tech players may have resulted in companies not privy to the embargo and the flaws being caught napping by the reveal of Meltdown and Spectre.

The letter also notes that cybersecurity should be a collective responsibility for all companies, across different sectors, rather than for a handful of big-name tech outfits.

"This reality raises serious questions about not just the embargo imposed on information regarding the Meltdown and Spectre vulnerabilities, but on embargoes regarding cybersecurity vulnerabilities in general," the letter notes.

Intel told The Register that it appreciated the questions being levied at it and welcomes the opportunity to discuss things further.

Google, however, noted it has done nothing wrong and worked to established cyber security processes.

"After working with security teams across the industry for months, we released our findings according to established principles of vulnerability disclosure, and deployed mitigations to help secure people's information on Google and other platforms," a spokesperson said.

Whatever the result of the letters, it clearly shows the Meltdown and Spectre flaws are having an effect beyond just prompting patching, particularly as Intel and AMD are already both facing lawsuits over the vulnerabilities.