×

Congress wants to know why tech companies kept security flaw details to themselves for months

  • The U.S. House Energy and Commerce Committee sent letters to Apple, Amazon, AMD, Arm, Google, Intel and Microsoft asking why they agreed to keep details of the Meltdown and Spectre vulnerabilities secret.
  • The vulnerabilities affect nearly every modern computer chip, and have companies scrambling to release fixes.
Apple CEO Timothy Cook delivers pauses while giving opening remarks while testifying before the Senate Homeland Security and Governmental Affairs Committee's Investigations Subcommittee about the company's offshore profit shifting and tax avoidance in the Dirksen Senate Office Building on Capitol Hill May 21, 2013 in Washington, DC.
Getty Images
Apple CEO Timothy Cook delivers pauses while giving opening remarks while testifying before the Senate Homeland Security and Governmental Affairs Committee's Investigations Subcommittee about the company's offshore profit shifting and tax avoidance in the Dirksen Senate Office Building on Capitol Hill May 21, 2013 in Washington, DC.

The U.S. House Energy and Commerce Committee on Wednesday said that it has sent letters to the CEOs of several major technology companies about their agreement to delay disclosing information about security flaws currently rocking the industry.

The Meltdown and Spectre vulnerabilities, which were publicly revealed earlier this month, affect nearly every modern computer chip on the market. If exploited, they could make it easier for attackers to steal information stored in a wide variety of places, from personal computers to cloud services.

The congressional committee sent letters to the CEOs of Apple, Amazon, AMD, Arm, Google, Intel and Microsoft. These companies have already scrambled to release updates for the affected products. Government scrutiny could add another headache and additional cost.

The letters raise questions about why the companies agreed to delay disclosure, and seek to find out whether the involved companies considered how the delay might hurt other companies who were not kept in the loop.

Additionally, the letters bring up the matter of when the U.S. Computer Emergency Readiness Team was informed.

"While we acknowledge that critical vulnerabilities such as these create challenging tradeoffs between disclosure and secrecy, as premature disclosure may give malicious actors time to exploit the vulnerabilities before mitigations are developed and deployed, we believe that this situation has shown the need for additional scrutiny regarding multi-party coordinated vulnerability disclosures," representatives Greg Walden, Marsha Blackburn, Robert Latta and Gregg Harper wrote in their letter to Apple CEO Tim Cook.

The letters ask executives to arrange to provide a briefing to staffers from the House committee by Feb. 7.

"We appreciate the questions from the Energy and Commerce Committee and welcome the opportunity to continue our dialogue with Congress on these important issues," an Intel spokeswoman told CNBC in an email. "In addition to our recent meetings with legislative staff members, we have been discussing with the Committee an in-person briefing, and we look forward to that meeting."

WATCH: Intel's 'Meltdown' sparks security concerns