Intel report highlights continued security assurance investments, growing bug bounty program

SECURITY

Intel Corp. today released its 2023 Product Security Report, highlighting its continued security assurance investments and a year-in-review of the vulnerabilities and mitigations that it uncovered over the last year.

The report, in its fifth year, is released as part of Intel’s commitment to transparency in security, its product security assurance practices and its proactive investments that ensure that its products are secure at a time when systems are becoming more dependent on foundational hardware and software.

In 2023, Intel addressed 353 vulnerabilities, while a record 256 researchers engaged in its Bug Bounty program, up from 181 in 2022, including a community of ethical hackers through Project Circuit Breaker. The report notes that companies that prioritized initiatives such as bug bounty initiatives remain at the forefront of security and innovation.

Intel’s investment in security, through its Bug Bounty program and other initiatives, is said to combat modern cyber threats for the betterment of the entire ecosystem and provide the first line of defense for customers. They also produce tangible security benefits: The report found that Advanced Micro Devices Inc. — an archrival of Intel, it should be mentioned — reported three times more platform firmware vulnerabilities than Intel in 2023.

Notable achievements in 2023 included Intel seeing a combined 39% reduction in hardware and firmware vulnerabilities in 2023 from 2022. Firmware vulnerabilities were down 38% and hardware vulnerabilities were down 47%, but conversely, discovered software vulnerabilities were up 208%. The latter figure was attributed to the growth of Intel’s Bug Bounty and security researcher engagement programs.

Of the 353 vulnerabilities that were addressed in 2023, 256 were in software. In 2023, 89% of Common Vulnerabilities and Exposures reported by external sources qualified for a bounty and a record 256 researchers engaged in Intel Bug Bounty programs.

The report also highlights a recent white paper from ABI Research commissioned by Intel that ranked Intel as the “silicon leader in product security assurance” compared to top technology vendors, including AMD, Nvidia Corp., Qualcomm Inc. and Arm Holdings plc. The finding is claimed to validate Intel’s leadership in delivering a product portfolio with world-class security assurance built-in.

The research found that 89% of respondents reported security issues or breaches related to a product they’ve used and 40% ranked a secure development life cycle as the highest priority when considering security assurance.

“Intel’s posture of transparency and proactivity is more important than ever to maintain the highest standard for quality and security assurance,” the report notes. Intel argues that if hardware isn’t secure, then a system can’t be either – and technology vendors have an essential role to play.

Intel added that its ongoing prioritization of the advancement of security assurance, robust incident response, community advocacy and research help provide unique value to its customers and partners. Doing so provides protection across multiple levels and workloads and defends against ever-evolving adversaries.

Photo: Intel