- Silicon Design & Verification
- Silicon IP
- Software Integrity
- About Us
- Silicon Design & Verification Products
- Solutions
- Resources
- Services
- Community
- Training
- Silicon IP Products
- Solutions
- Resources
- Services
- Community
- Software Integrity
- Services
- Solutions
- Resources
- Training and Education
- Support
- About Us
< Silicon Design & Verification Products
< Silicon Design & Verification Products
< Silicon Design & Verification Products
< Silicon Design & Verification Products
3D Model Generation
Simpleware Products
Simpleware for Life Sciences
Simpleware for Materials & Manufacturing
< Silicon Design & Verification Products
< Silicon Design & Verification Products
< overview
Silicon Design & Verification Products
+
Design
+
System Simulation & Modeling
+
Verification Continuum
+
3D Model Generation
+
Silicon Engineering
+
Optical Solutions
< Solutions
< Solutions
< Solutions
< Resources
< Resources
< Resources
< overview
< Services
< Services
< Services
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Community
< Community
< Community
< overview
Community
+
Community
+
SNUG
+
Partners
+
EmbARC.org
+
Interoperability
+
Academic Programs
+
Company Blogs
+
BSIMM
< Training
< overview
< main menu
< Silicon IP Products
< Silicon IP Products
Memories & Libraries
Logic Libraries
Memory Compliers
Duet Packages
HPC Design Kit
Embedded Test & Repair
Non-Volatile Memory
< Silicon IP Products
< Silicon IP Products
Processor Solutions
ARC Processors
Embedded Vision Processors
Development Tools
Operating Systems
Ecosystem
ASIP Tools
< Silicon IP Products
< Silicon IP Products
< Silicon IP Products
< Silicon IP Products
< Silicon IP Products
< overview
Silicon IP Products
+
Interface IP
+
Memories & Libraries
+
Analog IP
+
Processor Solutions
+
IP Subsystems
+
Security IP
+
Market Segments
+
IP Accelerated
+
SoC Infrastructure IP
< Solutions
< Resources
< Services
< Services
< Services
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Community
< Community
< Community
< overview
Community
+
Community
+
SNUG
+
Partners
+
EmbARC.org
+
Interoperability
+
Academic Programs
+
Company Blogs
+
BSIMM
< Software Integrity
< Software Integrity
< Services
< Services
Program Development & Design
BSIMM Maturity Model
Maturity Action Plan (MAP)
Policies & Standards
Metrics
Software Security-in-a-Box
< Solutions
< Solutions
< Resources
< Resources
Listen
Podcasts
< Training and Education
Product Education
< Support
< Support
Contact Support
< main menu
< About Us
< About Us
< About Us
< About Us
< About Us
< About Us
Software Integrity
Examining Spectre and Meltdown attacks
Posted by Taylor Armerding on May 22, 2018
As you have no doubt heard, Spectre and Meltdown aren’t software bugs that can be fixed in a few days or weeks when a company pushes out a patch. They are part of the architecture of hardware – the chips that run your computer. And you don’t just roll out a patch for hardware. Chips can’t be “patched” until a new version comes out – a refresh cycle that is generally five years or much longer. In other words, these flaws aren’t just bad, they’re long-term bad.
But the news is not all bad
First, exploiting them is not easy. An attacker would need to install malware on your computer to take advantage of them.
Second, you and your organization are not totally defenseless. There are tools now available to defend both your operating system and your software. You just have to use them…
Detect Spectre exploits with static analysis
This post is filed under Static Analysis (SAST), Vulnerability Assessment.
More by this author
April 6, 2018
Regulation looming for cryptocurrency
April 20, 2018
Behavioral security at RSA Conference 2018
Subscribe via Email
Get the latest Software Integrity news, thought leadership, and more.
Categories
- Agile Methodology
- Application Security
- Automotive Security
- Black Duck by Synopsys
- Blockchain Security
- CI/CD
- CI/CD
- CISO
- Cloud Security
- Code Review
- Containers
- Cryptography
- Customer Success
- Data Breach
- DevOps
- Dynamic Analysis (DAST)
- eLearning
- Embedded Software Testing
- Ethical Hacking
- Featured
- Financial Services Security
- Fuzz Testing
- GDPR
- Government Security
- Healthcare Security
- Industrial Control System Security
- Infographic
- Insurance Provider Security
- Interactive Application Security Testing (IAST)
- Internet of Things
- JavaScript Security
- Legal
- Maturity Model (BSIMM)
- Medical Device Security
- Medical Device Security
- Mobile Application Security
- Network Security
- Open Source Governance
- Open Source Licenses
- Open Source Security
- OWASP
- Penetration Testing
- Red Teaming
- Runtime Application Self-Protection (RASP)
- Secure Coding Guidelines
- Security Architecture
- Security Conference or Event
- Security Metrics
- Security Risk Assessment
- Security Standards and Compliance
- Security Training
- Smart Grid Security
- Software Architecture and Design
- Software Composition Analysis
- Software Development Life Cycle (SDLC)
- Software Quality
- Software Security Program Development
- Software Security Testing
- Software Testing Optimization
- Static Analysis (SAST)
- Synopsys Culture
- Threat Intelligence
- Threat Modeling
- Uncategorized
- Vendor Risk Management
- Vulnerability Assessment
- Web Application Security
- Weekly Security Mashup
Archives