UPDATED 13:00 EDT / FEBRUARY 22 2023

Intel Product Security Report highlights continued security assurance investments

Intel Security today released its 2022 Product Security Report, highlighting its continued security assurance investments and a year-in-review of the vulnerabilities and mitigations that it uncovered over the last year.

The headline finding in the report is that 93% of the vulnerabilities addressed by Intel in 2022 directly resulted from Intel’s investment in product security assurance. Of the 243 common vulnerabilities and exposures, or CVEs, published by Intel in 2022, 137, or 56%, were discovered internally by Intel employees.

Since its first product security report in 2019, an average of 93% of all CVEs published were the direct result of Intel’s investment in product security assurance. Of 106 vulnerabilities reported by external researchers in 2022, 90, or 85%, were reported through Intel’s bug bounty program.

Intel said much of the success in uncovering vulnerabilities is thanks to the Intel Security Development Lifecycle that guides the company in applying privacy and security practices across hardware and software, including firmware, throughout the product lifecycle.

The lifecycle starts with planning and assessment, identifying the SDL activities needed through development to address the product’s expected security risks. The second step involves architecture and developing a threat model that drives appropriate security requirements and objectives. In the design phase, security and privacy analysis is undertaken based on security objectives, threats and requirements.

The fourth stage, implementation, involves continuously evaluating progress to ensure implementation is on track to deliver a trustworthy product. Security validation, the fifth step, involves verifying that the product meets all stated security requirements, leading to the final step, release and post-deployment, including release testing and post-release product support.

Intel also runs “Security Hack-a-Thons” that allow employees to learn to think like hackers. Employees receive ongoing training and hands-on experience through scheduled events that bring product experts together with security experts. Intel conducted 118 Hack-a-Thon (HaT) events in 2022. Its security research teams now include 80 researchers across 10 countries.

“The security of our products is one of our most important priorities,” Intel Chief Executive Pat Gelsinger said in the report. “We strive to design, manufacture and sell the world’s most secure technology products, and we are continuously innovating and enhancing security capabilities for our products.”
