Intel Releases 2023 Product Security Report Highlighting Commitment to Security Assurance
Security is more important than ever as attacks grow in sophistication and system security becomes more dependent on solid hardware and software foundations.
What’s New: Today, Intel released the results of its 2023 Product Security Report. Intel’s industry-leading and transparent product security assurance practices improve product defenses. Proactive investments accounted for 94% of its vulnerability disclosures in 2023, the highest in five years.
“Intel believes a transparent approach to security is the only way to truly empower customers while delivering product innovations that build defenses at the foundation. Protecting workloads while accelerating software resilience is key to pushing the boundaries around how we define what is and what is not secure. Working with our customers and industry partners through key security assurance practices enables us to achieve the levels of secure performance people expect and deliver technology they trust.”
Why It Matters: In the past year, Intel addressed 353 vulnerabilities, while a record 256 researchers engaged in its Bug Bounty program (up from 181 in 2022), including an elite community of ethical hackers through Project Circuit Breaker. Companies, like Intel, who have prioritized these initiatives for years remain at the forefront of security and innovation. Their efforts combat modern cyberthreats for the betterment of the entire ecosystem and provide the first line of defense for customers. They also produce tangible security benefits; the report found that AMD reported three times more platform firmware vulnerabilities than Intel in 2023.
What the Report Says: Key findings from the report, which is in its fifth year, include:
- Intel achieved a combined 39% reduction in hardware and firmware vulnerabilities in 2023 compared with 2022.
- Compared with 2022, there was a decrease in firmware vulnerabilities (38% fewer), a decrease in hardware vulnerabilities (47% fewer) and an increase in software vulnerabilities (208% more), which is attributed to the growth of Intel’s Bug Bounty and security researcher engagement programs.
- Of the 353 vulnerabilities that were addressed in 2023, 256 were in software.
- In 2023, 89% of common vulnerabilities and exposures (CVEs) reported by external sources qualified for a bounty and a record 256 researchers engaged in Intel Bug Bounty programs.
- In 2023, AMD had more than 3.5 times as many vulnerabilities in its Chain of Trust/Secure Boot firmware components and features than Intel.
A recent white paper from ABI Research1 ranks Intel as the silicon leader in product security assurance, offering a comparative assessment of the practices of top technology vendors including AMD, Nvidia, Qualcomm and Arm. This validates Intel’s leadership in delivering a product portfolio with world-class security assurance built in. The research found that 89% of respondents reported security issues or breaches related to a product they’ve used, and 40% ranked a secure development life cycle as a highest priority when considering security assurance. Intel’s posture of transparency and proactivity is more important than ever to maintain the highest standard for quality and security assurance.
About Intel’s Role: If hardware isn’t secure, then a system can’t be either – and technology vendors have an essential role to play. Intel’s ongoing prioritization of the advancement of security assurance, robust incident response, community advocacy and research help provide unique value to its many customers and partners. It is this protection at multiple levels and across workloads that defends against ever-evolving adversaries. Intel’s long-standing commitment to security, both within the company and across the entire technology ecosystem, has never been stronger.
More Context: 2023 Product Security Report | ABI Research: Embracing Security as a Core Component of the Tech You Buy | Chips & Salsa Video Series | InTechnology Podcast | Project Circuit Breaker | Intel’s Bug Bounty Program | Product Security at Intel
The Small Print:
1ABI Research white paper “Embracing Security as a Core Component of the Tech You Buy” was independently conducted by ABI Research and sponsored by Intel.