Intel reportedly did not disclose Meltdown or Spectre security flaws to U.S. cyber security officials after being notified of the flaws because hackers had not exploited the vulnerabilities yet, Reuters reports.
The company did not disclose the information to the United States Computer Emergency Readiness Team, better known as US-CERT, until January 3. This was after the details of the vulnerabilities had leaked online.
Letters from the big tech giants such as Apple, Alphabet, and Intel indicate when these vulnerabilities were found. While Apple did not comment on the matter, Alphabet stated that it disclosed the information to “chipmakers Intel, Advanced Micro Devices Inc and SoftBank Group Corp-owned ARM Holdings” back in June of 2017.
The company gave chipmakers 90 days to fix the vulnerability before disclosing it publicly. This is an industry standard to give manufacturers time to resolve the issues before disclosing the information as it will become available to hackers.
Alphabet let the manufacturers decide whether or not to disclose the vulnerability to government officials, which is also standard practice.
Intel’s argument for not telling government officials is that it had “no indication that any of these vulnerabilities had been exploited by malicious actors.” Intel also noted that they did not perform any tests to see if these vulnerabilities would affect infrastructures, but did inform the other tech giants of the bug.
Microsoft says that it told several antivirus makers about the bug several weeks before it leaked to the public.