Building Trust 4 January 2018

Meltdown and Spectre: Why We Need Vigilance, Upgradeability, and Collaborative Security

By Dan York, Director, Internet Technology

Today the tech media is focused on the announcement of two security vulnerabilities, nicknamed Meltdown and Spectre, that are found in almost all CPUs used in modern devices. Mobile phones, laptops, desktop computers, cloud services, and Internet of Things (IoT) devices are all vulnerable.

There are many articles being published on this topic. The best source of information I’ve found is this site by the security researchers at the Graz University of Technology:

https://meltdownattack.com/

At the bottom of that page are links to the security blog posts, advisories, and other statements from companies and organizations across the industry. In an excellent example of the principles of Collaborative Security, the announcement was coordinated with the release of patches and updates for a wide range of operating systems and devices.

For readers wanting a deeper technical dive, the site from Graz University has links to multiple academic papers. Google’s Project Zero team also published a detailed technical analysis.

From our perspective, today’s news highlights several points:

  • Keeping up to date on patches is critical. We each need to ensure that we upgrade our own systems and devices. If we work for organizations/companies, we need to ensure that processes are in place for patches to be applied rapidly. Vigilance is critical.
  • “Upgradeability” is necessary. We’ve mentioned this particularly in the IoT context, but devices need to be able to be upgraded. They can’t just be distributed or sold to people without some mechanism for updates. We see approaches such as the Online Trust Alliance IoT Framework as critical to help on this issue.
  • Independent security research is essential. These vulnerabilities were discovered by different groups of researchers at companies, security firms, and universities. If we didn’t have people doing this research for the benefit of all of us, we would be open to attacks by those who might find these vulnerabilities and exploit them for malicious purposes.
  • Collaborative security is the key. Sharing this research – and coordinating activity across the industry – is critical to ensuring a secure and trusted Internet. We need the kind of collaboration shown today to be the norm across the industry.

The key point right now for everyone reading this is simply this: get out there and patch your systems! Don’t delay installing the latest security updates for your computers, mobile phones and other devices.

Each of us plays a critical role in ensuring the security of an open, global and trusted Internet!

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
