Will Meltdown and Spectre Affect Your Validated Software?

Chances are that by now you have heard about the “Meltdown” and “Spectre” issues with many of the microprocessors currently out there in use.  For folks that have been around a while, we recall an issue with the Pentium chip in 1994 which you can find out more about here.  Also, of course there was quite a bit of concern over how computers would react to New Year’s Day 2000, since many computerized systems only used the last two numbers for the year, and it was thought that would wreak havoc with all kinds of date-based systems.

If you have validated software like GMP CMMS (Calibration and Maintenance Management Systems) in use, then your best course of action depends on how your system is set up.  If you have an on-line system like GxPReady! Suite, then your provider is likely implementing patches as they come out as part of their maintenance program, so the impact on your system should be minimal.  For those that have installed GMP Calibration or Maintenance software in-house, it will require your IT folks to do the same updates as they come out.  There may be additional recommended actions you can take as things evolve which would also be communicated to you via your service provider(s).  Chances are, if you are using software, you are already periodically updating your passwords as part of normal user adiminstration.

As of this date, there isn’t an issue related to “Meltdown” and “Spectre” that will inherently cause problems with the operation of your software, unless someone were to try to exploit the weaknesses.  With the security in place that is common with validated systems, this should mitigate the chances of a problem.

In the end, as with the previously mentioned Pentium chip and Y2K problems, the effects of the problems were greatly reduced by understanding the potential impact of the problems, user understanding of the vulnerabilities in their applications, and appropriate remediation.  It is important to follow up with your provider and ensure that they are aware of the issue and taking appropriate actions.  It’s likely that if you follow these steps, “Meltdown” and “Spectre” will be only a footnote in the history of your validated system history!