Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre

Black Hat USA 2018

Presented by: Eric Doerr, Matt Linton, Art Manion, Chris Robinson
Date: Wednesday August 08, 2018
Time: 16:00 - 16:50
Location: South Pacific F

It's January 2nd, 2018. Your phone buzzes. You've been working for more than 6 months to fight a new class of hardware vulnerabilities with a number of other companies. You *had* seven days until planned disclosure, but the incoming text tells you that there has been a leak and disclosure is now less than 24 hours away. You aren't ready…what do you do?

Months before the public learned about the challenges with speculative execution, defenders from hardware, platform, cloud, and service providers were working together around the clock building mitigations and coordinating a response to help protect the billions of users depending on their platforms. This is the behind the scenes story of what those months were like, from the perspective of Apple, Google, and Microsoft. Along the way, competitors became partners and an unprecedented level of information was shared.

Much has been written about how to do multi-party coordinated response, it's time to throw out what you know – we need a new playbook. In this panel, you'll learn about details of the response that have never been shared with the public, and you'll come away with lessons about what worked and what didn't in the most complicated multi-party vulnerability in memory.

The tech industry is increasingly interdependent and Spectre and Meltdown are a wake-up call on multiple dimensions – how we engineer, how we partner, and how we react when we find new security issues. This panel won't give you all the answers, but it is a start.

Eric Doerr

Eric Doerr currently leads the security response team at Microsoft - the front line defense for millions of customers around the world who use Microsoft platforms and products. If you are hosted on Azure, use Windows, Office and more - Doerr's team is there to protect you.

Matt Linton

Matt Linton is an incident responder with experience throughout the security process, from architecture through penetration. He is formally trained in disaster management and specializes in rapid response, remediation and hardening of compromised environments.

Art Manion

Art Manion is the Senior Vulnerability Analyst for CERT/CC.

Chris Robinson

Christopher Robinson (aka CRob) is the Principal Program Manager and Team Lead of Red Hat Product Security Assurance Team. With 20 years of Enterprise-class engineering, operational and leadership experience, Chris has worked at several Fortune 500 companies with experience in the Financial, Medical, Legal, and Manufacturing verticals. He is a contributor to the FIRST PSIRT Services Framework and other industry groups. CRob has been a featured speaker at Gartner's Identity and Access Management Summit, RSA, Derbycon, the (ISC)2 World Congress, and was named a "Top Presenter" for the 2017 & 2018 Red Hat Summits. CRob is the former President of the Cleveland (ISC)2 Chapter, and is also a children's Cybersecurity Educator with the (ISC)2 Safe-and-Secure program. He enjoys moonlit walks on the beach and herding cats.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats