It's January 2nd, 2018. Your phone buzzes. You've been working for more than 6 months to fight a new class of hardware vulnerabilities with a number of other companies. You *had* seven days until planned disclosure, but the incoming text tells you that there has been a leak and disclosure is now less than 24 hours away. You aren't ready…what do you do?
Months before the public learned about the challenges with speculative execution, defenders from hardware, platform, cloud, and service providers were working together around the clock building mitigations and coordinating a response to help protect the billions of users depending on their platforms. This is the behind the scenes story of what those months were like, from the perspective of Apple, Google, and Microsoft. Along the way, competitors became partners and an unprecedented level of information was shared.
Much has been written about how to do multi-party coordinated response, it's time to throw out what you know – we need a new playbook. In this panel, you'll learn about details of the response that have never been shared with the public, and you'll come away with lessons about what worked and what didn't in the most complicated multi-party vulnerability in memory.
The tech industry is increasingly interdependent and Spectre and Meltdown are a wake-up call on multiple dimensions – how we engineer, how we partner, and how we react when we find new security issues. This panel won't give you all the answers, but it is a start.