2022 Product Security Report
Intel’s Security-First Pledge
Unwavering Customer Focus
We put customer needs first in our security decisions.
Continuous Technology Innovation
New threats will emerge, and vulnerabilities will be found, so Intel is committed to growing, adapting, and relentlessly advancing security.
Robust Incident Response
We invest extensively in vulnerability management and offensive security research for the continuous improvement of our products.
Security by Design
Our Security Development Lifecycle (SDL) integrates security principles and privacy tenets at every step of development.
Community Advocacy
We work with technology partners, academic institutions, industry organizations, and governance bodies worldwide.
93%
93% of the vulnerabilities addressed in 2022 directly resulted from Intel's investment in product security assurance.
56%
137 (56%) of the 243 CVEs published in 2022 were discovered internally by Intel employees.
93%
93% of the vulnerabilities addressed in 2022 directly resulted from Intel's investment in product security assurance.
56%
137 (56%) of the 243 CVEs published in 2022 were discovered internally by Intel employees.
93%
Since the first product security report for the calendar year 2019, an average of 93% of all CVEs published were the direct result of Intel’s investment in product security assurance.
85%
Of the 106 vulnerabilities reported by external researchers in 2022, 90 vulnerabilities, or 85%, were reported through Intel’s Bug Bounty program.
93%
Since the first product security report for the calendar year 2019, an average of 93% of all CVEs published were the direct result of Intel’s investment in product security assurance.
85%
Of the 106 vulnerabilities reported by external researchers in 2022, 90 vulnerabilities, or 85%, were reported through Intel’s Bug Bounty program.
What is Product Security Assurance?
Product security assurance at Intel is an investment in people, processes, and tools extending from initial product development to the end of the product lifecycle. It means that customers can feel confident in Intel’s Security-First Pledge and that we actively work to deliver security without sacrificing performance. By working with our customers and industry partners, we can achieve the levels of secure performance people expect and deliver technology they trust.
The Intel Product Security Report reflects our investment in product security assurance. This fourth annual report shows that Intel’s proactive investments were responsible for finding and mitigating 93% of all the vulnerabilities addressed in the last four years.
Intel's Approach to Cybersecurity
Security-First Mindset
Learn some of the ways that Intel works to shift our culture to a security-first mindset to fulfill our vision of empowering our customers with the most secure systems, software, and services, driven by innovation, to enhance security capabilities they trust.
Secure Product Development
From an offensive security research team spanning 10 countries to a robust Security Development Lifecycle (SDL) program, Intel’s security-first commitment is baked in to our product development.
Ongoing Product Security Assurance
Intel’s security-first commitment does not end when a product ships. Learn how our Product Security Incident Response Team (PSIRT) performs companywide vulnerability management, how our innovative bug bounty programs provide training and incentives to security researchers, and how our Intel Platform Update process enables an entire ecosystem to provide security updates to end customers.
How Intel Engages the Ecosystem
Deep engagement with the academic community, having a bias for open source software, helping to drive security standards across the industry, and far reaching community & policy advocacy, are just some of the ways that Intel engages the global ecosystem.
CVE Data
This transparent report demonstrates the impact of Intel’s investment in product security assurance and how 93% of the vulnerabilities addressed in 2022 were the result of Intel’s proactive efforts.