
Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre

Conference: BlackHat USA 2018

2018-08-08

Summary

The panel discusses the coordinated response to the Meltdown and Spectre vulnerabilities, highlighting the importance of collaboration and communication among competitors and stakeholders in the tech industry.
  • Meltdown and Spectre were significant hardware vulnerabilities that required a coordinated response from hardware, platform, cloud, and service providers.
  • Competitors became partners and shared an unprecedented level of information to protect billions of users.
  • Lessons learned include the need for a new playbook for multi-party coordinated response, the importance of engineering, partnering, and reacting to security issues, and the value of effective communication and collaboration among stakeholders.
The panelists shared their experiences with the Meltdown and Spectre disclosures, including the challenges of mitigating the vulnerabilities and the importance of working together to protect users. They emphasized the need for effective communication and collaboration among competitors and stakeholders in the tech industry, and highlighted the value of sharing information and resources to address complex security issues.

Abstract

It's January 2nd, 2018. Your phone buzzes. You've been working for more than 6 months to fight a new class of hardware vulnerabilities with a number of other companies. You *had* seven days until planned disclosure, but the incoming text tells you that there has been a leak and disclosure is now less than 24 hours away. You aren't ready… what do you do?

Months before the public learned about the challenges with speculative execution, defenders from hardware, platform, cloud, and service providers were working together around the clock building mitigations and coordinating a response to help protect the billions of users depending on their platforms. This is the behind-the-scenes story of what those months were like, from the perspective of Apple, Google, and Microsoft. Along the way, competitors became partners and an unprecedented level of information was shared.

Much has been written about how to do multi-party coordinated response. It's time to throw out what you know – we need a new playbook. In this panel, you'll learn about details of the response that have never been shared with the public, and you'll come away with lessons about what worked and what didn't in the most complicated multi-party vulnerability in memory. The tech industry is increasingly interdependent, and Spectre and Meltdown are a wake-up call on multiple dimensions – how we engineer, how we partner, and how we react when we find new security issues. This panel won't give you all the answers, but it is a start.
