US Congress sends letter to tech companies over the disclosure of hardware vulnerabilities discovered in 2017

Jan 25, 2018 09:08 GMT

The United States House Energy and Commerce Committee has sent a letter to a number of tech companies, including Microsoft and Apple, to ask for more information on why they decided to keep secret the details of the Meltdown and Spectre security flaws.

The letter reveals that several companies, namely Apple, Amazon, AMD, ARM, Google, Intel, and Microsoft, learned about the two vulnerabilities in June 2017, but they all agreed to a so-called information embargo set to expire on January 9, 2018.

The tech giants remained tight-lipped on the flaws in order to buy more time to develop patches, though it’s not known why it took so long to distribute software mitigations given that they were informed in mid-2017.

The Meltdown and Spectre vulnerabilities in chipsets manufactured by Intel, AMD, and ARM were patched by the largest tech companies earlier this month after a sudden disclosure on January 2.

Tech leaders to meet the House committee on February 7

The US Congress says that by keeping the details secret, the tech companies named above might have affected other firms that weren’t included in the embargo and had to develop their own patches for Meltdown and Spectre, thus leaving their customers exposed longer.

“Why was an information embargo imposed?” the companies are being asked in the letter. “What company or combination of companies proposed the embargo?” a second question reads.

“Some observers have raised questions about the effect of the embargo on the ability of companies not included in the original June 2017 disclosure to protect their own products and users, compared to those companies that were included,” the letter states before adding that “it is reasonable to assume that additional companies have been negatively impacted by the embargo.”

Microsoft and Apple have remained tight-lipped until now on this information request, but Intel did offer a statement to explain that it’s now working with US representatives on answering the questions.

“We appreciate the questions from the Energy and Commerce Committee and welcome the opportunity to continue our dialogue with Congress on these important issues,” an Intel spokeswoman was quoted as saying. “In addition to our recent meetings with legislative staff members, we have been discussing with the Committee an in-person briefing, and we look forward to that meeting.”