IPAS: Security Advisories for June 2021

Hi everyone,

Today we released 29 security advisories addressing 73 vulnerabilities. 40 of those, or 55%, were found internally through our own proactive security research. Of the remaining 33 CVEs being addressed, 29, or 40%, were reported through our bug bounty program. Overall, 95% of the issues being addressed today are the result of our ongoing investments in security assurance, which is consistent with our 2020 Product Security Report.

During the first six months of 2021, we addressed 132 potential vulnerabilities with 70% of those being internally discovered and mitigated before they were publicly disclosed. 56 of the 132 issues were found in graphics, networking and Bluetooth™ components. Looking back at our 2019 and 2020 product security reports, you see that a large percentage of the issues found in these components were found externally and reported through our bug bounty program. So far this year, 75% of these issues were found internally by Intel security researchers and product engineers demonstrating the positive impact of a robust Security Development Lifecycle (SDL) program. Through the SDL, we take learnings from discovered vulnerabilities and make improvements to things like automated code scanning and training as well as using this information to inform our internal Red-Team events.

For more information about how Intel puts security first, have a look through the security section in the Intel Newsroom.

Regards,

Jerry Bryant
Sr. Director of Communications
Intel Product Assurance and Security

Published on Categories IDF, Security
Jerry Bryant

About Jerry Bryant

Jerry Bryant is a Senior Director of Security Communications at Intel Corp. where he leads communications strategy, vulnerability issues management, field, and customer readiness within the Intel Product Assurance and Security Group (IPAS). Jerry has over 20 years experience in product security incident response within fortune 50 companies and specializes in vulnerability handling, incident/crisis management, threat intelligence sharing, industry, and government engagement. He believes strongly in sharing lessons learned and helping to advance the knowledge and readiness of defenders across the industry. Jerry is a co-author of the Product Security Incident Response Team (PSIRT) Services Framework, a cross industry collaboration through the Forum for Incident Response and Security Teams (FIRST.org).