Today we released 29 security advisories addressing 73 vulnerabilities. 40 of those, or 55%, were found internally through our own proactive security research. Of the remaining 33 CVEs being addressed, 29, or 40%, were reported through our bug bounty program. Overall, 95% of the issues being addressed today are the result of our ongoing investments in security assurance, which is consistent with our 2020 Product Security Report.
During the first six months of 2021, we addressed 132 potential vulnerabilities with 70% of those being internally discovered and mitigated before they were publicly disclosed. 56 of the 132 issues were found in graphics, networking and Bluetooth™ components. Looking back at our 2019 and 2020 product security reports, you see that a large percentage of the issues found in these components were found externally and reported through our bug bounty program. So far this year, 75% of these issues were found internally by Intel security researchers and product engineers demonstrating the positive impact of a robust Security Development Lifecycle (SDL) program. Through the SDL, we take learnings from discovered vulnerabilities and make improvements to things like automated code scanning and training as well as using this information to inform our internal Red-Team events.
For more information about how Intel puts security first, have a look through the security section in the Intel Newsroom.
Sr. Director of Communications
Intel Product Assurance and Security