Reporting a Potential Security Vulnerability
If you have discovered potential security vulnerability in an Intel product, please contact the Intel PSIRT at firstname.lastname@example.org. It is important to include the following details:
- The products and versions affected
- Detailed description of the vulnerability
- Information on known exploits
Vulnerability information is extremely sensitive. The Intel PSIRT strongly recommends that all security vulnerability reports sent to Intel be encrypted using the Intel PSIRT PGP key. The PGP key is available here.
Software to encrypt messages may be obtained from:
• PGP Corporation
Publication of Security Information
The Intel PSIRT publishes two types of security information at the Intel Product Security Center:
- Security Advisories: Provide information about security vulnerabilities identified with Intel products, including any fixes, workarounds or other actions.
- Security Notices: Provide information of general interest about security topics related to Intel products or the use of Intel products.
Vulnerability Handling Process
Security vulnerabilities in Intel products are actively managed through a well-defined process. The time to respond varies based on the scope of the issue. The process consists of 4 key steps:
Reporting: The process begins when the Intel PSIRT becomes aware of a potential security vulnerability in an Intel product. The reporter receives an acknowledgement and updates throughout the handling process.
Evaluation: Intel PSIRT confirms the potential vulnerability, assesses the risk, determines the impact and assigns a processing priority. If the vulnerability is confirmed, the priority determines how the issue is handled throughout the remaining steps in the process.
Solution: Working with the product team, the Intel PSIRT develops a solution that mitigates the reported security vulnerability. Solutions will take different forms based on the vulnerability. In cases where a vulnerability is being actively exploited, Intel may deliver a temporary solution to contain the issue while working on the full solution.
Communication: Intel PSIRT publishes security advisories, notices, and information articles to communicate with customers about security issues that affect our products. Advisories and notices are published at the Intel Product Security Center and released simultaneously to all customers. For previously unknown or unreported issues, Intel will acknowledge the reporter in an advisory or notice when published, if requested.
Intel supports the advancement of processes, tools and organizations to develop products that meet the security requirements of our customers and end users. Intel is an active member of FIRST (Forum of Incident Response and Security Teams) and works closely with Computer Emergency Response Teams and other worldwide groups.