英特爾:安全第一承諾
流感肆虐,安保第一。微評測讚賞Intel及工業界對問題合作處理的理念和實踐,同時對媒體界(的部分)感到失望。
原文在Intel Press Room,Intel.com,2018-01-11。
Meltdown/Spectre系列文章
譯文:
安全第一承諾
英特爾公司首席執行官Brian Krzanich致工業界領袖公開信
布萊恩·科再奇
Intel CEO Brian Krzanich,來源:Intel
上周,在Google Project Zero安全漏洞公告發布之後,英特爾繼續與我們的合作夥伴緊密合作,共同追求儘快恢復客戶對數據安全的信心。正如我在本周CES大會中指出的那樣,整個工業界合作的程度非常之高。我對於我們整個業界走在一起感到非常自豪,並要感謝大家非凡的合作。特別是,我們要感謝Google Project Zero團隊實施負責披露(responsible disclosure是安全界一種漏洞披露的模型),為業界創造了一個以協調合作的方式解決這些新問題的機會。
隨著過程的展開,我想明確英特爾對客戶的承諾。這是我們的承諾:
1.客戶至上:至1月15日,我們將為過去五年內推出的至少90%的英特爾CPU發布問題更新,並在1月底之前更新剩下的CPU。然後,我們將重點放在為更老的我們客戶決定的優先產品發布更新。
2.透明及時的溝通:當我們推出軟體和固件補丁時,我們學到很多。我們知道,根據具體的工作負載、平台配置和緩解技術,對性能造成的影響差別很大。我們承諾密切提供補丁進度、性能數據和其他信息的進度報告。這些均可在Intel.com官網(https://newsroom.intel.com/press-kits/security-exploits-intel-products/)找到。
3.持續的安全保證:我們客戶的安全是持續的優先事項,而不僅是一次性的事件。為了加速整個行業的安全保護,我們承諾根據負責披露規則公開確定重大的安全漏洞,並進一步致力於與業界共享硬體創新,以加快行業級別應對旁路攻擊(side-channel attack)的進度。我們還承諾對為潛在的安全威脅進行的學術和獨立研究投入持續增長的資金。
我們鼓勵我們的行業合作夥伴繼續支持這些做法。每個人都具有重要的作用:消費者和系統製造商及時應用軟體和固件補丁非常關鍵。硬體和軟體開發人員透明及時共享性能數據對於迅速處理至關重要。
關鍵在於,持續的合作將創造最快最有效的途徑,恢復客戶對他們數據安全的信心。而這正是我們一致的方向和努力的目標。
——Brian Krzanich
原文:
Security-First Pledge
An Open Letter from Brian Krzanich, CEO of Intel Corporation, to Technology Industry Leaders
By Brian Krzanich
Following announcements of the Google Project Zero security exploits last week, Intel has continued to work closely with our partners with the shared goal of restoring confidence in the security of our customers" data as quickly as possible. As I noted in my CES comments this week, the degree of collaboration across the industry has been remarkable. I am very proud of how our industry has pulled together and want to thank everyone for their extraordinary collaboration. In particular, we want to thank the Google Project Zero team for practicing responsible disclosure, creating the opportunity for the industry to address these new issues in a coordinated fashion.
As this process unfolds, I want to be clear about Intel"s commitments to our customers. This is our pledge:
1. Customer-First Urgency:ByJan. 15, we will have issued updates for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder of these CPUs available by the end of January. We will then focus on issuing updates for older products as prioritized by our customers.
2. Transparent and Timely Communications:As we roll out software and firmware patches, we are learning a great deal. We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information. These can be found at the Intel.com website.
3. Ongoing Security Assurance:Our customers" security is an ongoing priority, not a one-time event. To accelerate the security of the entire industry, we commit to publicly identify significant security vulnerabilities following rules of responsible disclosure and, further, we commit to working with the industry to share hardware innovations that will accelerate industry-level progress in dealing with side-channel attacks.We also commit to adding incremental funding for academic and independent research into potential security threats.
We encourage our industry partners to continue to support these practices. There are important roles for everyone: Timely adoption of software and firmware patches by consumers and system manufacturers is critical. Transparent and timely sharing of performance data by hardware and software developers is essential to rapid progress.
The bottom line is that continued collaboration will create the fastest and most effective approaches to restoring customer confidence in the security of their data. This is what we all want and are striving to achieve.
-- Brian Krzanich
.More:Security Exploits and Intel Products(Press Kit)(https://newsroom.intel.com/press-kits/security-exploits-intel-products/)Security Research Findings(Intel.com)(https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html)
TAG:微評測 |