Trust 4 January 2018

Meltdown and Spectre: Why We Need Vigilance, Upgradeability, and Collaborative Security

By Dan York, Senior Manager, Content and Web Strategy

Today the tech media is focused on the announcement of two security vulnerabilities, nicknamed Meltdown and Spectre, that are found in almost all CPUs used in modern devices. Mobile phones, laptops, desktop computers, cloud services, and Internet of Things (IoT) devices are all vulnerable.

There are many articles being published on this topic. The best source of information I’ve found is this site by the security researchers at the Graz University of Technology:

https://meltdownattack.com/

At the bottom of that page are links to the security blog posts, advisories, and other statements from companies and organizations across the industry. In an excellent example of the principles of Collaborative Security, the announcement was coordinated with the release of patches and updates for a wide range of operating systems and devices.

For readers wanting a deeper technical dive, the site from Graz University has links to multiple academic papers. Google’s Project Zero team also published a detailed technical analysis.

From our perspective, today’s news highlights several points:

  • Keeping up to date on patches is critical. We each need to ensure that we upgrade our own systems and devices. If we work for organizations/companies, we need to ensure that processes are in place for patches to be applied rapidly. Vigilance is critical.
  • “Upgradeability” is necessary. We’ve mentioned this particularly in the IoT context, but devices need to be able to be upgraded. They can’t just be distributed or sold to people without some mechanism for updates. We see approaches such as the Online Trust Alliance IoT Framework as critical to help on this issue.
  • Independent security research is essential. These vulnerabilities were discovered by different groups of researchers at companies, security firms, and universities. If we didn’t have people doing this research for the benefit of all of us, we would be open to attacks by those who might find these vulnerabilities and exploit them for malicious purposes.
  • Collaborative security is the key. Sharing this research – and coordinating activity across the industry – is critical to ensuring a secure and trusted Internet. We need the kind of collaboration shown today to be the norm across the industry.

The key point right now for everyone reading this is simply this: get out there and patch your systems! Don’t delay installing the latest security updates for your computers, mobile phones and other devices.

Each of us plays a critical role in ensuring the security of an open, global and trusted Internet!
