Security and risk management leaders must take a pragmatic and risk-based approach to dealing with Spectre and Meltdown, Gartner says-- after all, not all software and processors are vulnerable to the threats in the same way.

"[T]he risk will vary based on the system's exposure to running unknown and untrusted code," the analyst continues. "The risk is real, but with a clear and pragmatic risk-based remediation plan, security and risk management leaders can provide business leaders with confidence that the marginal risk to the enterprise is manageable and is being addressed."

Gartner offers 7 steps security leaders can take to mitigate the risk Spectre and Meltdown pose:

In a further bid to branch out of search Alphabet, the parent company of Google, spins off its security unit into Chronicle-- a standalone company with aim to deliver high-end security analytics services.

Born out of the Google X moonshot group, Chronicle is lead by former Symantec COO (and Starbucks CIO) Stephen Gillett. Google hardware powers its two first offerings. One is an enterprise security intelligence and analytics platform, while the other is VirusTotal, the online malware and virus scanner Google acquired back in 2012.

“We want to 10x the speed and impact of security teams’ work by making it much easier, faster and more cost-effective for them to capture and analyze security signals that have previously been too difficult and expensive to find,” Gillett writes in a blog post announcing the creation of Chronicle. “We are building our intelligence and analytics platform to solve this problem.”

Intel eats back the words it said earlier this month as it admits newer Skylake and Kaby Lake CPUs are also affected by the patch released to fix the issues brought about Spectre and Meltdown.

According to a company blog post, while the firmware updates are "effective at mitigating exposure to the security issues," they also lead to more frequent reboots. Previously Intel insisted the issue was only noticeable on systems running on older Broadwell and Haswell CPUs, but tests have confirmed similar behaviours happen on Ivy Bridge-, Sandy Bridge-, Skywell- and Kaby Lake-based platforms.

That said, Intel insists it is close to identifying the root cause of the issue. In parallel, it is providing vendors with "beta microcode" for validation in the near future.

As the industry figures out how to fix Spectre and Meltdown-- the two security issues affecting the processors powering just about every PC, server and mobile device-- news emerges on how the fixes might negatively hit the performance of said devices.

In case anyone is in need of background, the ominously named Spectre (dubbed so because of the root cause, speculative execution) and Meltdown (since it melts security boundaries normally enforced by hardware) were discovered by security researchers in the early days of 2018. The discovery brought about a flurry of patches and updates, but soon afterwards reports emerged of performance taking a hit as a result of said updates. Initially the industry was hesitant to confirm the reports, but now both Microsoft and Intel admit that, yes, the Spectre and Meltdown fixes affect the performance of at least some machines.