Secure Product Development
Security Across Six Phases
The Intel Security Development Lifecycle (SDL) guides us in applying privacy and security practices across hardware and software (including firmware) throughout the product lifecycle.
Diana Carroll
SDL Content Architect Intel
Intel Security Hack-a-Thons (HaT)
Having a security-first mindset means that employees learn to think like hackers.
To accomplish this, employees receive ongoing training and hands-on experience through scheduled HaT events. HaT events are a crucial way to bring product experts together with security experts to build a security-first mindset.
In 2022, security teams across Intel conducted 118 HaT events.
HaT Goals and Motivations
Improve Product Security
Through security findings, mitigations, and architecture/design hardening recommendations.
Increase Security Know-How and Build a Community of Practice
Through immersive, hands-on security experience for product development and security assurance teams.
Assess Quality of Product Assurance Execution
The type, quality, and quantity of security issues found provide a good assessment of a product's SDL execution and security capability.
Improve Security Tools and Training
Key learnings (technical and process) and the application of tools are driven back to product teams as well as to IPAS Governance, Tools, and the Security Development Academy.
Enable Cross-Pollination
Technologies and Security knowledge are transferred among Product and Security experts, and ongoing collaboration is established for continuous learning.
Truc Nguyen, Director, Offensive Security Research and Hareesh Khattri, Senior Security Researcher
Security Research Teams
- iSTARE: Intel Threat Analysis and Reverse Engineering
- STORM: Strategic Threats Offensive Research and Mitigations
- OSR: Offensive Security Research
Our mission is to provide high-quality research in a consumable and timely fashion to enable our customers to make the best choices for security.
80
Researchers
10
Countries
Offensive Security Research (OSR)
Ensuring we are continually finding, mitigating, and reporting security issues in our products.
Proactive Research
Dedicated researchers continually monitor and probe Intel products and platforms for known, emerging, and novel threats and attacks.
- Intelligence Insights
- Architecture Reviews
- Threat Model ++
- Vulnerability and Exploitation
- Systemic Mitigations
Reactive Research
Intel acts swiftly when a new vulnerability or exploit is discovered, quickly working to develop systemic mitigations.
- Triage incoming PSIRTs
- PSIRT mitigation effectiveness
Capabilities and Culture
Solutions to instill the security-first mindset within every Intel architect, developer, designer and validator.
- Immersive Mentoring
- Security Belts
- Tools
- Training
- Purple Teams
- SDL
Researcher and Community Outreach
Investments to engage the global research community in industry and academia.
- Listening Events
- Research Sponsorship
- Diversity & Inclusion
Intel Transparent Supply Chain
Intel is leading the industry in hardware supply chain assurance with Transparent Supply Chain. These tools, policies, and procedures, implemented on the factory floor at PC and server manufacturers of the direct platform data, help enable enterprises to verify the authenticity and firmware version of systems and their components. There is growing concern that counterfeit electronic parts can cause safety hazards or failure of business-critical applications or that vulnerabilities can be introduced into the supply chain to be exploited later. Current supply chain practices start with trusting the source, but processes are limited for screening out counterfeit components, particularly for products containing many subsystems.
Security
Digitally signed statement of conformance for every platform attests to the platform’s authenticity.
Accountability
Digitally signed statement of conformance for every platform attests to the platform’s authenticity.
Traceability
Platform certificates linked to the discrete Trusted Platform Module (TPM) provide system-level traceability.
Assurance
Auto Verify tool compares the “snapshot” taken during manufacturing with a “snapshot” taken at first boot to help detect tampering.
Patrick Bohart
Intel Director of Planning and Business Development
Lenovo's LaTrea Shine talks about Lenovo supply chain and their implementation of Intel's Transparent Supply Chain to support their customers.
2023 Intel Product Security Report
Our annual report reflects ongoing industry leadership in product security assurance. This year, we examine how those investments stack up competitively, and the numbers are telling.
AMD had 3.5x as many vulnerabilities in their Chain of Trust/Secure Boot as Intel. Read the report to learn more.