Intel Product Security Report highlights continued security assurance investments

Intel Safety at this time launched its 2022 Product Safety Report, highlighting its continued safety assurance investments and a year-in-review of the vulnerabilities and mitigations that it uncovered over the past 12 months.

The headline discovering within the report is that 93% of the vulnerabilities addressed by Intel in 2022 instantly resulted from Intel’s funding in product safety assurance. Some 137 or 56% of frequent vulnerabilities and exposures or CVEs of the 243 revealed by Intel in 2022 had been found internally by Intel staff.

Since its first product safety report in 2019, a mean of 93% of all CVEs revealed had been the direct results of Intel’s funding in product safety assurance. Of 106 vulnerabilities reported by exterior researchers in 2022, 90, or 85%, had been reported via Intel’s bug bounty program.

Intel stated a lot of the success in uncovering vulnerabilities is because of the Intel Safety Growth Lifecycle that guides the corporate in making use of privateness and safety practices throughout {hardware} and software program, together with firmware, all through the product lifecycle.

The lifecycle begins with planning and evaluation, figuring out the SDL actions wanted via growth to deal with the merchandise anticipated safety dangers. The second step entails structure and creating a risk mannequin that drives applicable safety necessities and goals. Within the design part, safety and privateness evaluation is undertaken based mostly on safety goals, threats and necessities.

The fourth stage, implementation, entails repeatedly evaluating progress to make sure implementation is on monitor to ship a reliable product. Safety validation, the fifth step, entails verifying that the product meets all acknowledged safety necessities, resulting in the ultimate step, launch and post-deployment, together with launch testing and post-release product help.

Intel additionally runs “Safety Hack-a-Thons” that permit staff to be taught to assume like hackers. Workers obtain ongoing coaching and hands-on expertise via scheduled occasions that deliver product specialists along with safety specialists. Intel performed 118 HaT occasions in 2022. Its safety analysis groups now span 10 nations and 80 researchers.

“The safety of our merchandise is one in every of our most essential priorities,” Intel Chief Government Pat Gelsinger stated within the report. “We try to design, manufacture and promote the world’s most safe expertise merchandise, and we’re repeatedly innovating and enhancing safety capabilities for our merchandise.”

Picture: Intel