Donate
Meltdown and Spectre: Why We Need Vigilance, Upgradeability, and Collaborative Security Thumbnail
‹ Back
Trust 4 January 2018

Meltdown and Spectre: Why We Need Vigilance, Upgradeability, and Collaborative Security

Dan York
By Dan YorkDirector, Content and Web Strategy

Today the tech media is focused on the announcement of two security vulnerabilities, nicknamed Meltdown and Spectre, that are found in almost all CPUs used in modern devices. Mobile phones, laptops, desktop computers, cloud services, and Internet of Things (IoT) devices are all vulnerable.

There are many articles being published on this topic. The best source of information I’ve found is this site by the security researchers at the Graz University of Technology:

https://meltdownattack.com/

At the bottom of that page are links to the security blog posts, advisories, and other statements from companies and organizations across the industry. In an excellent example of the principles of Collaborative Security, the announcement was coordinated with the release of patches and updates for a wide range of operating systems and devices.

For readers wanting a deeper technical dive, the site from Graz University has links to multiple academic papers. Google’s Project Zero team also published a detailed technical analysis.

From our perspective, today’s news highlights a couple of points:

  • Keeping up to date on patches is critical. We each need to ensure that we upgrade our own systems and devices. If we work for organizations/companies, we need to ensure that processes are in place for patches to be applied rapidly. Vigilance is critical.
  • “Upgradeability” is necessary. We’ve mentioned this particularly in the IoT context, but devices need to be able to be upgraded. They can’t just be distributed or sold to people without some mechanism for updates. We see approaches such as the Online Trust Alliance IoT Framework as critical to help on this issue.
  • Independent security research is essential. These vulnerabilities were discovered by different groups of researchers at companies, security firms, and universities. If we didn’t have people doing this research for the benefit of all of us, we would be open to attacks by those who might find these vulnerabilities and exploit them for malicious purposes.
  • Collaborative security is the key. Sharing this research – and coordinating activity across the industry – is critical to ensuring a secure and trusted Internet.  We need the kind of collaboration shown today to be the norm across the industry.

The key point right now for everyone reading this is simply this: get out there and patch your systems! Don’t delay installing the latest security updates for your computers, mobile phones and other devices.

Each of us play a critical role in ensuring the security of an open, global and trusted Internet!

‹ Back

Related articles

Meltdown et Spectre: pourquoi nous avons besoin de vigilance, de possibilité de mise à jour et de la sécurité collaborative
Meltdown et Spectre: pourquoi nous avons besoin de vigilance, de possibilité de mise à jour et de la sécurité collaborative
Trust4 January 2018

Meltdown et Spectre: pourquoi nous avons besoin de vigilance, de possibilité de mise à jour et de la sécurité collaborative

Today's news about the Meltdown and Spectre CPU vulnerabilities highlight the critical need for vigilance, upgradeability and the collaborative security approach across the industry.

Meltdown y Spectre: por qué necesitamos la vigilancia, la capacidad de actualización y la seguridad colaborativa
Meltdown y Spectre: por qué necesitamos la vigilancia, la capacidad de actualización y la seguridad colaborativa
Trust4 January 2018

Meltdown y Spectre: por qué necesitamos la vigilancia, la capacidad de actualización y la seguridad colaborativa

Today's news about the Meltdown and Spectre CPU vulnerabilities highlight the critical need for vigilance, upgradeability and the collaborative security approach across the industry.

Olaf Kolkman presents on Collaborative Security @ TNC16
Deploy36016 June 2016

Olaf Kolkman presents on Collaborative Security @ TNC16

The Internet Society's Chief Internet Technology Officer Olaf Kolkman presented on Collaborative Security at the TNC16 Conference in Prague, Czech...

Join the conversation with Internet Society members around the world