The report reflects Intel’s continued product security assurance investments and includes a review of vulnerabilities discovered and mitigated in 2022
Intel today published its Product Security Report for 2022, underscoring the company’s long-standing commitment to product security assurance. The fourth-annual report demonstrates that Intel’s proactive investments were responsible for finding and mitigating 93% of all vulnerabilities addressed over the past four years.
Additional key findings from the report include:
- 93% of the 243 vulnerabilities addressed in 2022 directly resulted from Intel’s proactive investments in product security assurance.
- 137 (56%) of the 243 common vulnerabilities and exposures (CVEs) published in 2022 were discovered internally by Intel employees.
- Of the 106 vulnerabilities reported by external researchers in 2022, 90 vulnerabilities (85%) were reported through Intel’s Bug Bounty program.
According to a Ponemon study, customers prefer vendors that proactively find, mitigate and communicate security vulnerabilities. The majority of potential vulnerabilities are found and mitigated during the product development process. However, strong product security also lies in the ability to expertly manage any issues found after a product is in the market. Intel’s commitment to security assurance investments through the right people, processes and tooling span both product development and support and servicing times. This also includes dozens of hackathon events, Intel’s innovative Bug Bounty and Project Circuit Breaker programs, an industry-leading Product Security Incident Response Team (PSIRT), Security Development Lifecycle (SDL), Long-Term Retention Lab, security and academic research partners – including the first researcher-in-residence program for university professors – and, most important, Intel’s Security-First Pledge.
Attacks are becoming more sophisticated, and security cannot be taken for granted. System trust is rooted in security: If hardware isn’t secure, then a system cannot be secure. Intel’s longstanding commitment to security, both within the company and across the entire technology ecosystem, has never been stronger.