Processor vulnerabilities Spectre and Meltdown have been a nightmare for Intel this month. The company is responding to the urgency, mostly out of necessity, but there are signs the company is accepting its role in the monumental security blunder and trying to move forward to regain trust.
CEO Brian Krzanich used the first several minutes of his inaugural keynote at CES to thank all its hardware and software partners for working closely with the company, and openly admitting that the company was issuing updates that would affect 90 percent of all processors in the coming days (now January 15), and that all affected processors would be "immune" by the end of January. The move was a surprise, as many expected Krzanich to shy away from any talk of the embarrassing revelations.
Now, Krzanich has stepped up again, penning an open letter to the tech industry, laying out its commitments to its customers. He again thanked companies for their close collaboration with Intel, and urged them to keep following a customer-first urgency. He also promised more transparency going forward.
"As we roll out software and firmware patches, we are learning a great deal," he said. "We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information."
He also promised that security for its customers will be paramount:
Our customers’ security is an ongoing priority, not a one-time event. To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks. We also commit to adding incremental funding for academic and independent research into potential security threats.
He said that regaining customer trust is something everyone in the industry will be striving for, and that continued collaboration will be key to making it happen.
Intel has taken a beating in the press, from investors, and the tech community. It's initial response when news broke of the vulnerabilities was to also throw shade at AMD's chips and ARM's architecture. It disavowed an actual flaw in the chips, while minimizing the fact that it was a choice to increase security risk for the sake of faster processor speeds.
It's mellowed tone is definitely welcome, but one borne out of the need for an actual mea culpa rather than an arrogant "everybody does it" middle finger.