WASHINGTON, DC - House Energy and Commerce Committee Chairman Greg Walden (R-OR), Subcommittee on Oversight and Investigations Chairman Gregg Harper (R-MS), Subcommittee on Digital Commerce and Consumer Protection Chairman Bob Latta (R-OH), and Subcommittee on Communications and Technology Chairman Marsha Blackburn (R-TN) sent a letter today to the CEOs of Intel, AMD, ARM, Apple, Microsoft, Amazon, and Google, the companies originally informed of two cybersecurity vulnerabilities known as “Meltdown" and “Spectre."
The letter includes questions about the information embargo imposed by these companies and their decision to restrict the dissemination of information related to the vulnerabilities.
“While we acknowledge that critical vulnerabilities such as these create challenging trade-offs between disclosure and secrecy, as premature disclosure may give malicious actors time to exploit the vulnerabilities before mitigations are developed and deployed, we believe that this situation has shown the need for additional scrutiny regarding multi-party coordinated vulnerability disclosures. As demonstrated by numerous incidents over the past several years, cybersecurity is a collective responsibility. Further, it is a responsibility that is no longer limited solely to the information technology sector; connected products exist in electric grids, hospitals, manufacturing equipment, and in innumerable other sectors," wrote Walden, Harper, Latta, and Blackburn.
The letter continues: “This reality raises serious questions about not just the embargo imposed on information regarding the Meltdown and Spectre vulnerabilities, but on embargos regarding cybersecurity vulnerabilities in general."
