Security is more important than ever as attacks grow in sophistication and system security becomes more dependent on solid hardware and software foundations.
SANTA CLARA, Calif.: Intel recently released the results of its 2023 Product Security Report. Intel’s industry-leading and transparent product security assurance practices improve product defenses. Proactive investments accounted for 94% of its vulnerability disclosures in 2023, the highest in five years.
Intel’s 2023 Product Security Report found that proactive investments accounted for 94% of the company’s vulnerability disclosures in 2023, the highest level in five years. (Credit: Intel Corporation)
“Intel believes a transparent approach to security is the only way to truly empower customers while delivering product innovations that build defenses at the foundation. Protecting workloads while accelerating software resilience is key to pushing the boundaries around how we define what is and what is not secure. Working with our customers and industry partners through key security assurance practices enables us to achieve the levels of secure performance people expect and deliver technology they trust.” said, Greg Lavender, Intel executive vice president, chief technology officer and general manager of the Software and Advanced Technology Group
Why It Matters: In the past year, Intel addressed 353 vulnerabilities, while a record 256 researchers engaged in its Bug Bounty program (up from 181 in 2022), including an elite community of ethical hackers through Project Circuit Breaker. Companies, like Intel, who have prioritized these initiatives for years remain at the forefront of security and innovation. Their efforts combat modern cyberthreats for the betterment of the entire ecosystem and provide the first line of defense for customers. They also produce tangible security benefits; the report found that AMD reported three times more platform firmware vulnerabilities than Intel in 2023.
What the Report Says: Key findings from the report, which is in its fifth year, include:
- Intel achieved a combined 39% reduction in hardware and firmware vulnerabilities in 2023 compared with 2022.
- Compared with 2022, there was a decrease in firmware vulnerabilities (38% fewer), a decrease in hardware vulnerabilities (47% fewer) and an increase in software vulnerabilities (208% more), which is attributed to the growth of Intel’s Bug Bounty and security researcher engagement programs.
- Of the 353 vulnerabilities that were addressed in 2023, 256 were in software.
- In 2023, 89% of common vulnerabilities and exposures (CVEs) reported by external sources qualified for a bounty and a record 256 researchers engaged in Intel Bug Bounty programs.
- In 2023, AMD had more than 3.5 times as many vulnerabilities in its Chain of Trust/Secure Boot firmware components and features than Intel.
A recent white paper from ABI Research1 ranks Intel as the silicon leader in product security assurance, offering a comparative assessment of the practices of top technology vendors including AMD, Nvidia, Qualcomm and Arm. This validates Intel’s leadership in delivering a product portfolio with world-class security assurance built in. The research found that 89% of respondents reported security issues or breaches related to a product they’ve used, and 40% ranked a secure development life cycle as a highest priority when considering security assurance. Intel’s posture of transparency and proactivity is more important than ever to maintain the highest standard for quality and security assurance.
