How Intel's Chief Software Security Officer is reshaping the chip giant

[InfoSec News <alerts () infosecnews org>]

https://www.engadget.com/2018/10/13/intel-window-snyder-interview-security/

By Devindra Hardawar
Engadget.com
10.13.18

Window Snyder transformed how Microsoft, Apple and Mozilla dealt with 
software threats. She served as the security lead for the Windows XP 
Service Pack 2 update, which fixed a wide variety of vulnerabilities in a 
notoriously buggy OS. And at Apple, she helped manage security on iOS and 
OS X. Now, she's taking on the role of Intel's first Chief Software 
Security Officer, where she's responsible for revamping how the company 
protects its products and customers. Obviously, she has her work cut out 
for her.

Intel is still reeling from the fallout of the Spectre and Meltdown CPU 
vulnerabilities, which affected the entire PC industry, including 
competitors like AMD and ARM. While most companies were able to deal with 
Meltdown through software patches, they could slow down PC performance. 
And we'll have to wait for an entirely new chip architecture to be rid of 
Spectre. As the largest PC processor maker (Samsung stole the crown of the 
biggest chipmaker last year), Intel took the brunt of the criticism. And 
it didn't help that the company failed to warn government officials about 
the issues, or that they were revealed by The Register instead of an 
official announcement.

After three months as the head of Intel's Platform Security division, 
Snyder has identified three ways the company can improve, she said in an 
interview with Engadget. First, she wants to focus on the obvious: 
Anything that can make software and hardware more secure and resilient. 
That includes things like cryptographic instructions in the company's 
chips that can speed up encryption, to features that can isolate processes 
from each other (like separating something that's running with 
unrestricted root access from a more limited user). "These are examples 
that are part of Intel's long heritage of developing security 
technologies, but I think they are ones that are easy for a large audience 
to understand," she said.

Next, Snyder wants to focus on building tools that can evaluate hardware 
and software to suss out any nefarious code. "Things like getting back to 
a known state, or a reset function... or helping you understand a data 
system in one way or another," she said. "Even if it's exposing 
information that can be used by forensics tools to understand whether or 
not the firmware in the system is intact."

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_