Hi everyone,
Today we released
29 security advisories addressing 73 vulnerabilities. 40 of those, or 55%, were found internally through our own proactive security research. Of the remaining 33 CVEs being addressed, 29, or 40%, were reported through our
bug bounty program. Overall, 95% of the issues being addressed today are the result of our ongoing investments in security assurance, which is consistent with our
2020 Product Security Report.
During the first six months of 2021, we addressed 132 potential vulnerabilities with 70% of those being internally discovered and mitigated before they were publicly disclosed. 56 of the 132 issues were found in graphics, networking and Bluetooth™ components. Looking back at our
2019 and
2020 product security reports, you see that a large percentage of the issues found in these components were found externally and reported through our bug bounty program. So far this year, 75% of these issues were found internally by Intel security researchers and product engineers demonstrating the positive impact of a robust Security Development Lifecycle (SDL) program. Through the SDL, we take learnings from discovered vulnerabilities and make improvements to things like automated code scanning and training as well as using this information to inform our internal Red-Team events.
For more information about how Intel puts security first, have a look through the
security section in the Intel Newsroom.
Regards,
Jerry Bryant
Sr. Director of Communications
Intel Product Assurance and Security
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.