Intel Product Security Report highlights continued security assurance investment...
source link: https://siliconangle.com/2023/02/22/intel-product-security-report-highlights-continued-security-assurance-investments/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Intel Product Security Report highlights continued security assurance investments
Intel Security today released its 2022 Product Security Report, highlighting its continued security assurance investments and a year-in-review of the vulnerabilities and mitigations that it uncovered over the last year.
The headline finding in the report is that 93% of the vulnerabilities addressed by Intel in 2022 directly resulted from Intel’s investment in product security assurance. Some 137 or 56% of common vulnerabilities and exposures or CVEs of the 243 published by Intel in 2022 were discovered internally by Intel employees.
Since its first product security report in 2019, an average of 93% of all CVEs published were the direct result of Intel’s investment in product security assurance. Of 106 vulnerabilities reported by external researchers in 2022, 90, or 85%, were reported through Intel’s bug bounty program.
Intel said much of the success in uncovering vulnerabilities is thanks to the Intel Security Development Lifecycle that guides the company in applying privacy and security practices across hardware and software, including firmware, throughout the product lifecycle.
The lifecycle starts with planning and assessment, identifying the SDL activities needed through development to address the products expected security risks. The second step involves architecture and developing a threat model that drives appropriate security requirements and objectives. In the design phase, security and privacy analysis is undertaken based on security objectives, threats and requirements.
The fourth stage, implementation, involves continuously evaluating progress to ensure implementation is on track to deliver a trustworthy product. Security validation, the fifth step, involves verifying that the product meets all stated security requirements, leading to the final step, release and post-deployment, including release testing and post-release product support.
Intel also runs “Security Hack-a-Thons” that allow employees to learn to think like hackers. Employees receive ongoing training and hands-on experience through scheduled events that bring product experts together with security experts. Intel conducted 118 HaT events in 2022. Its security research teams now span 10 countries and 80 researchers.
“The security of our products is one of our most important priorities,” Intel Chief Executive Pat Gelsinger said in the report. “We strive to design, manufacture and sell the world’s most secure technology products, and we are continuously innovating and enhancing security capabilities for our products.”
Image: Intel
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
Join Our Community
Click here to join the free and open Startup Showcase event.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.
Click here to join the free and open Startup Showcase event.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK