The U.S. House Energy and Commerce Committee on Wednesday said that it has sent letters to the CEOs of several major technology companies about their agreement to delay disclosing information about security flaws currently rocking the industry.
The Meltdown and Spectre vulnerabilities, which were publicly revealed earlier this month, affect nearly every modern computer chip on the market. If exploited, they could make it easier for attackers to steal information stored in a wide variety of places, from personal computers to cloud services.
The congressional committee sent letters to the CEOs of Apple, Amazon, AMD, Arm, Google, Intel and Microsoft. These companies have already scrambled to release updates for the affected products. Government scrutiny could add another headache and additional cost.
The letters raise questions about why the companies agreed to delay disclosure, and seek to find out whether the involved companies considered how the delay might hurt other companies who were not kept in the loop.
Additionally, the letters bring up the matter of when the U.S. Computer Emergency Readiness Team was informed.
“While we acknowledge that critical vulnerabilities such as these create challenging tradeoffs between disclosure and secrecy, as premature disclosure may give malicious actors time to exploit the vulnerabilities before mitigations are developed and deployed, we believe that this situation has shown the need for additional scrutiny regarding multi-party coordinated vulnerability disclosures,” representatives Greg Walden, Marsha Blackburn, Robert Latta and Gregg Harper wrote in their letter to Apple CEO Tim Cook.
The letters ask executives to arrange to provide a briefing to staffers from the House committee by Feb. 7.
Source: Tech CNBC
Congress wants to know why tech companies kept security flaw details to themselves for months