Intel did not inform US before chip flaws were made public

Computer-chip-maker Intel did not inform US cyber-security officials about the Spectre and Meltdown security flaws before details leaked to the press, it has been revealed.

Letters sent by seven technology companies to US senators uncover that US authorities found out about the flaws only through the media.

Details were first leaked to technology news site The Register on 2 January.

The flaws were found by Google Project Zero’s security researchers.

In response of inquiries posed by Republican congressman Greg Walden, who chairs the House Energy and Commerce Committee, Google owner Alphabet said it had informed Intel, AMD and ARM about the chip flaws in June 2017.

The three semiconductor manufacturers were given 90 days to fix the flaws before unveiling the bugs to the public.

Alphabet said it had left it over to the companies to choose whether they ought to inform government officials about the security flaws, according to standard practice.

Intel declined to comment. In any case, the company’s letter to Mr. Walden offers more insights about what happened.

It says that Google Project Zero chose to extend the 90-day time period to 9 January 2018, and that Intel needed to consent to keep the information confidential until that date.

Intel keeps up that there is no sign that Specter or Meltdown were ever exploited, and that it followed the dependable disclosure policies set out by the United States Computer Emergency Readiness Team.

 

Source: BBC News