- Silicon Design & Verification
- Products
- Solutions
- Resources
- Services
- Community
- Training
- Silicon IP
- Products
- Markets
- Newsletter
- Customer Success
- News
- Resources
- Software Integrity
- Tools
- Services
- Training
- Solutions
- Resources
- Customers
- Partners
- Blog
- Company
- About Us
- Investor Relations
- Community
- Newsroom
- Resources
- Careers
< Silicon Design & Verification
Silicon Design & Verification
< Products
< Products
< Products
< Products
< Products
< Products
< Products
Photonic Solutions
PIC Design Suite
< Silicon Design & Verification
< Solutions
< Solutions
< Solutions
Cloud
Synopsys on the Cloud
< Solutions
< Silicon Design & Verification
< Resources
< Resources
Verification
Articles
Blogs
Datasheets
Events
News
Newsletters
Success Stories
Videos
Webinars
White Papers
< Resources
< Silicon Design & Verification
< Services
< Services
< Services
< Silicon Design & Verification
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Silicon Design & Verification
< Training
< Silicon Design & Verification
Training
Training and Education
< main menu
< Silicon IP
Silicon IP
< Products
< Products
Processor Solutions
ARC Processor IP
Embedded Vision Processor IP
Development Tools
Operating Systems
Ecosystem
ASIP Tools
< Products
Memories & Libraries
Logic Libraries
Memory Compliers
Duet Packages
HPC Design Kit
Embedded Test & Repair
Non-Volatile Memory
< Products
< Products
< Products
< Products
< Products
< Silicon IP
< Markets
< Silicon IP
Newsletter
< Silicon IP
Customer Success
< Silicon IP
News
< Resources
< Resources
< main menu
< Software Integrity
Software Integrity
< Tools
< Tools
< Tools
< Tools
< Software Integrity
< Services
Managed Security Testing
Managed SAST
Dynamic Analysis (DAST)
Penetration Testing
Mobile Application Security Testing
Network Security Testing
< Services
Professional Services
Strategy and Planning (BSIMM)
Architecture & Design
DecSecOps Integration
Cloud Security
Industry Solutions
< Services
Open Source Audits
< Software Integrity
< Training
< Training
Product Education
< Training
Community
< Software Integrity
< Solutions
< Solutions
< Resources
< Resources
< Software Integrity
Customers
< Partners
< Partners
Become a partner
< Software Integrity
< Software Integrity
Blog
< main menu
< About Us
Company
< About Us
< About Us
About Us
About Us
< Investor Relations
< About Us
Investor Relations
Investor Relations
< Community
< About Us
Community
Community
< Newsroom
< About Us
Newsroom
Newsroom
< Resources
< About Us
Resources
Resources
< Careers
< About Us
Careers
Careers
< main menu
Software Integrity Blog
Examining Spectre and Meltdown attacks
Posted by Taylor Armerding on May 22, 2018
As you have no doubt heard, Spectre and Meltdown aren’t software bugs that can be fixed in a few days or weeks when a company pushes out a patch. They are part of the architecture of hardware – the chips that run your computer. And you don’t just roll out a patch for hardware. Chips can’t be “patched” until a new version comes out – a refresh cycle that is generally five years or much longer. In other words, these flaws aren’t just bad, they’re long-term bad.
But the news is not all bad
First, exploiting them is not easy. An attacker would need to install malware on your computer to take advantage of them.
Second, you and your organization are not totally defenseless. There are tools now available to defend both your operating system and your software. You just have to use them…
Detect Spectre exploits with static analysis
This post is filed under Software Architecture and Design, Static Analysis (SAST).
More by this author
November 9, 2018
Threats obvious, but electronic voting systems remain insecure
November 28, 2018
Air gaps in ICS going, going … and so is security
Subscribe via Email
Get the latest Software Integrity news, thought leadership, and more.
Categories
- Agile, CI/CD & DevOps
- Announcements
- Archive
- Automotive Security
- Cloud Security
- Container Security
- Critical Infrastructure Security
- Data Breach
- Developer Enablement
- Events
- Featured
- Financial Services Security
- Fuzz Testing
- General
- Government Security
- Hacking Security
- Healthcare Security
- Infographic
- Interactive Application Security Testing (IAST)
- Internet of Things
- Legal
- Maturity Model (BSIMM)
- Medical Device Security
- Mobile Application Security
- Open Source Security
- Podcasts
- Privacy
- Red Teaming
- Security Standards and Compliance
- Security Training
- Software Architecture and Design
- Software Composition Analysis
- Software Security Initiative (SSI)
- Static Analysis (SAST)
- Web Application Security
- Webinars
- Weekly Security Mashup