https://www.engadget.com/2018/10/13/intel-window-snyder-interview-security/
By Devindra Hardawar
Engadget.com
10.13.18
Window Snyder transformed how Microsoft, Apple and Mozilla dealt with
software threats. She served as the security lead for the Windows XP
Service Pack 2 update, which fixed a wide variety of vulnerabilities in a
notoriously buggy OS. And at Apple, she helped manage security on iOS and
OS X. Now, she's taking on the role of Intel's first Chief Software
Security Officer, where she's responsible for revamping how the company
protects its products and customers. Obviously, she has her work cut out
for her.
Intel is still reeling from the fallout of the Spectre and Meltdown CPU
vulnerabilities, which affected the entire PC industry, including
competitors like AMD and ARM. While most companies were able to deal with
Meltdown through software patches, those fixes could slow down PC performance.
And we'll have to wait for an entirely new chip architecture to be rid of
Spectre. As the largest PC processor maker (Samsung stole the crown of the
biggest chipmaker last year), Intel took the brunt of the criticism. And
it didn't help that the company failed to warn government officials about
the issues, or that they were revealed by The Register instead of an
official announcement.
After three months as the head of Intel's Platform Security division,
Snyder has identified three ways the company can improve, she said in an
interview with Engadget. First, she wants to focus on the obvious:
Anything that can make software and hardware more secure and resilient.
That includes everything from cryptographic instructions in the company's
chips that can speed up encryption to features that can isolate processes
from each other (like separating something that's running with
unrestricted root access from a more limited user). "These are examples
that are part of Intel's long heritage of developing security
technologies, but I think they are ones that are easy for a large audience
to understand," she said.
Next, Snyder wants to focus on building tools that can evaluate hardware
and software to suss out any nefarious code. "Things like getting back to
a known state, or a reset function... or helping you understand a data
system in one way or another," she said. "Even if it's exposing
information that can be used by forensics tools to understand whether or
not the firmware in the system is intact."
[...]