Global analyst firm IDC calls transparency a key element in managing cybersecurity threats. System integrity relies on a shared responsibility model in which the processor vendor develops the mitigation, the system provider makes the updates available and the system operator applies them.
Vulnerability research and discovery are only part of the solution to managing threats. Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Vulnerability Disclosure (CVD), under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed. CVD protects technology users because public disclosure of a vulnerability before mitigations are deployed could allow cybercriminals to exploit the vulnerability.
“Protecting IT architectures from known vulnerabilities is typically more straightforward; the application of a patch is generally considered the greatest return in security,” wrote Frank Dickson, program vice president, Security & Trust at IDC. “Proactively sharing internal and external research, developer guidance and mitigation methods to ease the system operator’s burden is as critical as enabling application of the patch. Keys to creating system trust are visibility and transparency.”