With 2019 behind us, we are looking back at our investments in security and the vulnerabilities we addressed throughout the year, as well as the overall impact of Intel’s continued leadership in product security assurance and industry engagement.
For the full 2019 product security report, click HERE.
As we look at the data, two key points stand out:
- Of the 236 Common Vulnerabilities and Exposures (CVE) IDs addressed in 2019, 144 (61%) were discovered internally by Intel through our ongoing security assurance efforts.
- An additional 70 CVEs (30%) were reported through our bug bounty program.
Taken together, these two figures show that 91% of the CVEs addressed in 2019 were found and mitigated as the direct result of Intel’s investment in product security assurance and the proactive discovery and mitigation of product vulnerabilities.
61% of vulnerabilities with a “HIGH” CVSS score and 75% with a “CRITICAL” score were found by Intel.
It is also worth noting that the vast majority of issues, 95%, were addressed in software and/or firmware, and a total of 11 issues, or 5%, were addressed with microprocessor updates.
Reporting internally found vulnerabilities is not a standard practice across the technology industry, but we believe that this practice provides a critical level of transparency to our customers. At Intel, transparency is part of our Security First Pledge.
Intel would like to thank all of the external researchers who reported issues to us for coordinating disclosure. Following the guidelines of Coordinated Vulnerability Disclosure (CVD) has become the norm across the industry, and Intel continues to help lead and support the development of hardware-specific guidelines together with partners and the research community.
To review our security advisories, please visit the Intel Security Center.
Director of Communications
Intel Product Assurance and Security