All those present highlighted the value of existing industry collaboration in providing stable updates to firmware across a wide range of devices, and under significant time pressure. The identification of recent high-profile vulnerabilities had catalysed unprecedented collaboration.
It was clear from discussions that all participating firms recognise the challenges in quickly providing stable updates to firmware. There is also a challenge to maintain end-users’ trust that update processes are robust and that updates can be deployed with confidence.
The meeting discussed the challenges with automated security patching. Though this comes with advantages, particularly for non-professional and non-expert users, it poses risks and technical challenges, and would not be appropriate in all cases.
Significant progress has already been made throughout the ecosystem, and this progress will continue. We have a shared aim to make it easier for end-users to keep their devices secure and up to date - reducing the burden on business and the general public.
All those present agreed there is a role for government in convening the ecosystem more widely, identifying and highlighting good practice, and producing cyber security advice and guidance for a range of audiences.
The participants agreed to reconvene in early 2019.
Agreed by organisations represented at the 23 July roundtable. Including AMD, Apple, ARM, Dell, HP Inc, Intel, Microsoft, Qualcomm, Samsung, DCMS, techUK and NCSC