Re: Risk Assessment of Spectre and Meltdown

["Manjak, Martin" <mmanjak () ALBANY EDU>]

+1 for this write up. It does a nice job of summarizing and prioritizing the respective risks of the two 
vulnerabilities in a variety of common environments.

Marty Manjak
CISO
University at Albany
Sent from my iPhone

On Jan 5, 2018, at 16:49, Security Wonks <secwonks () GMAIL COM<mailto:secwonks () GMAIL COM>> wrote:


Greetings EDUCAUSE Security Community,


After some discussion in another forum a few folks have put together a document aimed at IT and security professionals 
trying to wrap their head around what to do about Spectre and Meltdown. Here it is:


http://secwonks.org/real-time-risk-assessment-of-spectre-and-meltdown/


This isn’t a technical document, it’s a high-level summary of risk and suggestions for prioritization (written with a 
bit of gallows humor).  It was written by a few current, former, and loosely-affiliated-with members of the higher-ed 
security community.


This is TLP:White, you should feel free - and are encouraged - to reshare and redistribute. We’d love to see this get 
broader distribution. And comments welcome!


Regards,

A Random Wonk