CHIP GIANT Intel intentionally hid the discovery of the Meltdown and Spectre chip security flaws from US cybersecurity officials, according to a bunch of tech companies who wrote to lawmakers on Thursday.
In a number of letters seen by Reuters, the companies wrote that Intel didn't make the issue known to the United States Computer Emergency Readiness Team, or US-CERT, until they leaked to the public. This was six months after Google's security researchers notified the chipmaker in June, which started the 90-day notice period for the chip giant to fix the issues before they were made public.
In fact, it wasn't until 3 January this year that Intel informed US-CERT, which was well after reports of the Meltdown and Spectre bugs had begun to spread. This has led to current and former US government officials raising concerns because the flaws potentially held national security implications.
However, Intel's excuse was that it didn't believe the flaws needed to be shared with US authorities as hackers had not exploited the vulnerabilities.
The letters were sent by Intel, Alphabet and Apple on Thursday in response to questions from US Representative Greg Walden, an Oregon Republican who chairs the House Energy and Commerce Committee.
This follows the news that Intel has been hit by a whopping 32 lawsuits so far over the Meltdown and Spectre flaws found in its processors.
The chipmaker is being hit from two sides, with customer class action looking to sue it for "monetary damages and equitable relief" and the securities lawsuits seeking action against Intel and its top brass.
The latter alleges that Intel "violated securities laws by making statements about its products and internal controls that were revealed to be false or misleading by the disclosure of the security vulnerabilities".
A trio of shareholders have each filed shareholder derivative actions against Intel, which allege that specific members of its board and leading officers failed to take action relating to insider trading. µ
Could desktop-based containers tackle the enterprise’s VDI shortcomings?
Some gamers we know are already massive crankers
What could possibly go wrong?