
In rare show of unity, cloud firms team up to patch Meltdown bugs

By James Walker     Jan 17, 2018 in Technology
Rival cloud providers are collaborating online as they develop patches for the Meltdown and Spectre processor flaws. Faced with incomplete information from Intel and other hardware vendors, "second-tier" companies are choosing to help each other.
Slacking it out
Meltdown and Spectre threw the cloud computing world into turmoil earlier this month. The critical security vulnerabilities in processors from every major manufacturer directly threatened the integrity of some of the world's top networks. The problems created by the revelations were complicated by broken patches issued by hardware manufacturers and a general rush to fix the problems, prompted by early disclosure of the issues.
Intel first learned of the problems back in June 2017 and began to share information with the "Tier 1" cloud companies. Firms on this list, including Amazon, Google and Microsoft, were able to access details of the exploits before the vulnerabilities were publicly disclosed in January. Other companies, including many smaller but still massive cloud operators, received no advance warning before the public disclosure.
On January 3, these providers found themselves having to address a potentially catastrophic hardware flaw using temperamental patches and minimal information. As they tried to coordinate responses, the companies found themselves aligning with each other in a rare show of unity for the usually ruthless cloud industry.
Ars Technica reports over 25 "Tier 2" cloud providers began to share what little information they had, pooling it all together in an impromptu Slack channel. The collaborative online approach enabled the cloud companies to respond to events more effectively than would otherwise be possible.
The firms have continued to cooperate over the past couple of weeks, adding several new members including the "Tier 1" provider Amazon Web Services. The Director of Operations at hosting provider Linode told Ars Technica the link sharing in Slack was "absolutely critical" to Tier 2 providers as they planned their responses.
"Selective" disclosure
With the disarray of the initial disclosure beginning to pass, second-tier Internet companies are now starting to question why they didn't receive advance warning of the issues. Tier 1 providers were given at least 60 days to prepare their infrastructure, while the rest of the Internet was left out of the loop.
Theo de Raadt, leader of the OpenBSD operating system project, said Google's actions were "selective disclosure," not responsible disclosure, in comments to ITWire. He added that cloud providers below Tier-1 have "just gotten screwed" by the chaos of the disclosure and the lack of advance warning.
The fallout from Meltdown and Spectre is still ongoing as companies continue to patch their infrastructure. Communication from hardware vendors remains sporadic, though, and there's still no single source of definitive information.
Several of the Tier-2 platforms are now planning to pressure Intel into hosting a frank fireside discussion about its disclosure and communication since. Meltdown/Spectre has demonstrated how important communication is to effective operation of cloud platforms, with many second-tier companies unable to protect their customers because of the actions of larger firms. The lessons from the incident could help push the industry towards greater transparency and collaboration, preventing similar chaos from occurring again.