Intel did not inform US before chip flaws were made public

image copyrightIntel
image captionIntel did not disclose Spectre and Meltdown security flaws to US lawmakers before the information was leaked to the press

Computer-chip-maker Intel did not inform US cyber-security officials about the Spectre and Meltdown security flaws before details leaked to the press, it has been revealed.

Letters sent by seven technology companies to US senators reveal that US authorities found out about the flaws only through the media.

Details were first leaked to technology news site The Register on 2 January.

The flaws were discovered by Google Project Zero's security researchers.

In response to questions posed by Republican congressman Greg Walden, who chairs the House Energy and Commerce Committee, Google owner Alphabet said it had informed Intel, AMD and ARM about the chip flaws in June 2017.

The three semiconductor manufacturers were given 90 days to fix the flaws before disclosing the bugs to the public.

Alphabet said it had left it up to the companies to decide whether they should inform government officials about the security flaws, as per standard practice.

Intel declined to comment. However, the company's letter to Mr Walden offers more details about what happened.

It says that Google Project Zero chose to extend the 90-day timeframe to 9 January 2018, and that Intel had to agree to keep the information confidential until that date.

Intel maintains that there is no indication that Spectre or Meltdown were ever exploited, and that it followed the responsible disclosure policies set out by the United States Computer Emergency Readiness Team.

More on this story