4: Risk and Exploits - Dealing with Meltdown and Spectre

Randy and Don discuss an item ripped from the headlines: What should a technical manager do about the recent Meltdown and Spectre exploits? They move into the CTO modes of research, understanding, translation, preparation, upgrading, monitoring, and, most of all, not freaking out. Randy requests a bobblehead or plush toy of the Spectre logo.

Notes
  • Ripped from the headlines: Part of Randy and Don's week was dealing with Meltdown and Spectre vulnerabilities.
  • What is a CTO or technical manager supposed to do when big-name vulnerabilities hit the press?
  • Try not to be the smartest person you know or you're doomed to have all problems brought to you.
  • Start with research!
  • Good and bad sources for information.
  • A CTO must be able to explain the technical details at a business level to stakeholders.
  • Randy mentions that these problems were being worked on months ago.
  • If you have a laptop on your desk with Windows, you've outsourced a level of security to a big provider.
  • It's ok to admit you don't have all the information right this minute.
  • You should tell people to avoid new websites, downloads, and updates on their own, until later.
  • There are security consultants that can take a big load of work off firms, for a price.
  • A tactic for reducing anxiety: A crib sheet of all technologies (and contact numbers) used by the firm in the event of issues.
  • Randy wants a Meltdown and Spectre bobblehead. Don promises to get him one.
Closing

Thanks for listening to the CTO Think Podcast. If you liked what you heard, please share a link to the podcast with your friends.

Reviews on iTunes are always appreciated and help us spread the word about the podcast.

Show music is Dumpster Dive by Marc Walloch, licensed by PremiumBeat.com

Shownotes and previous episodes can be found on our website at www.ctothink.com

For questions, comments, or things you'd like to hear on future shows, please email us at [email protected]

For notifications of future episodes, please sign up to the CTO Think newsletter on www.ctothink.com

We'll keep talking next week!

Check out our tech-focused podcast, This Old App.

© 2017-2018 CTO Think. All Rights Reserved.