Software Integrity Blog
Examining Spectre and Meltdown attacks
As you have no doubt heard, Spectre and Meltdown aren’t software bugs that can be fixed in a few days or weeks when a company pushes out a patch. They are part of the architecture of hardware – the chips that run your computer. And you don’t just roll out a patch for hardware. Chips can’t be “patched” until a new version comes out – a refresh cycle that is generally five years or much longer. In other words, these flaws aren’t just bad, they’re long-term bad.
But the news is not all bad
First, exploiting them is not easy. An attacker would need to install malware on your computer to take advantage of them.
Second, you and your organization are not totally defenseless. There are tools now available to defend both your operating system and your software. You just have to use them…
Detect Spectre exploits with static analysis
More by this author
Don’t miss the latest AppSec news and trends every Friday.
- Agile, CI/CD & DevOps
- Application Security
- Automotive Cyber Security
- Cloud Security
- Container Security
- DAST
- Data Breach Security
- Developer Enablement
- Featured
- Financial Cyber Security
- Fuzz Testing
- Healthcare Security & Privacy
- Interactive Application Security Testing (IAST)
- IoT Security
- Medical Device Security
- Mergers & Acquisitions
- Mobile App Security
- News & Announcements
- Open Source Security
- Public Sector Cyber Security
- Security Standards and Compliance
- Security Training & Awareness
- Software Architecture & Design
- Software Compliance, Quality & Standards
- Software Composition Analysis (SCA)
- Software Security Program
- Software Security Research
- Static Analysis (SAST)
- Web Application Security
- Webinars