Security
Determine security ramifications to protect personal data and information
107 Discussions

IPAS: 2019 Product Security Report

IPAS_Security
Employee
‎02-26-2020 06:00 AM
0 0 453
IPAS_ 2019 Product Security Report

Hi everyone,

With 2019 behind us, we are looking back at our investments in security and the vulnerabilities we addressed throughout the year, as well as the overall impact of Intel’s continued leadership in product security assurance and industry engagement.

For the full 2019 product security report, click HERE.

As we look at the data, two key points stand out:

  1. Of the 236 Common Vulnerabilities and Exposures (CVE) ID’s addressed in 2019, 144 (61%) were discovered internally by Intel through our ongoing security assurance efforts.

  2. An additional 70 CVEs (30%), were reported through our bug bounty program.


 

When you look at these two stats together, the result is that 91% of the CVEs addressed in 2019 were found and mitigated as the direct result of Intel’s investment in product security assurance and the proactive discovery and mitigation of product vulnerabilities.

91piechart.png

61% of vulnerabilities with a “HIGH” CVSS score and 75% with a “CRITICAL” score were found by Intel.

It is also interesting to note that the vast majority of issues, 95%, were addressed in software and/or firmware and a total of 11 issues, or 5%, were addressed with microprocessor updates.

Reporting internally found vulnerabilities is not a standard practice across the technology industry, but we believe that this practice provides a critical level of transparency to our customers. At Intel, transparency is part of our Security First Pledge.

Intel would like to thank all of the external researchers who reported issues to us for coordinating disclosure. Following the guidelines of Coordinated Vulnerability Disclosure (CVD) has become the norm across the industry, and Intel continues to help lead and support the development of hardware specific guidelines together with partners and the research community.

To review our security advisories, please visit the Intel Security Center.

Regards,

Jerry Bryant
Director of Communications
Intel Product Assurance and Security
0 Kudos
About the Author
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.