Cybersecurity, Privacy, & AI

Trending Now
Top House Cyber Lawmaker Plans to Introduce DHS Overhaul Bill by Next Year • Executive Orders Seek to Hasten Quantum Computing—and Guard Against Its Use • In a First, a Court Takedown Goes After Two Cybercrime Tools at Once • NIST Opens Updated IoT Security Guidance to Public Review • Five Eyes Agencies Urge Leaders to Strengthen Cyber Resilience in AI Era

Intel Hid Meltdown & Spectre from US Government, Shared Info with Chinese Companies

When Intel learned about the Meltdown and Spectre vulnerabilities in their processor architecture, they notified a handful of key businesses and asked their assistance in developing ways to address them, before alerting the public or any government. These companies included U.S.-based Google, Microsoft, Apple, ARM, and AMD, but also China-based Lenovo and Alibaba, and it is “a near certainty” that the Chinese government learned of the flaws from the latter firms during this time.

The U.S. government and other, less-privileged business partners learned of the vulnerabilities at the same time as the general public.

The House Energy and Commerce Committee has asked these companies why they kept the information secret from the U.S. government. Most reported that they were bound by non-disclosure agreements, intended to keep the flaws on a need-to-know basis until techniques to mitigate them were ready. The Chinese companies have answered similarly, further denying that they passed the information on to their government.

Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.