General Product Design, Assurance & Risk Management Standards
As vulnerability research methods become more sophisticated, often targeting hardware, Intel is at the forefront of advanced secure-by-design practices, systemic mitigations, automated vulnerability scanning tools, and hardware security training, among other efforts. Examples in this area include:
- MITRE: Intel collaborated to extend existing community-driven software-oriented Common Weakness Enumeration (CWE) to include 75 hardware weaknesses and is involved in Common Vulnerabilities and Exposures (CVE) and Common Attack Pattern Enumeration and Classification (CAPEC).
- Forum of Incident Response and Security Teams (FIRST): Intel contributes to the Common Vulnerability Scoring System (CVSS) and helps lead the Product Security and Incident Response Team (PSIRT) special interest group where Intel employees coauthored the PSIRT Services Framework as a contribution to the global security community.
- Bug Bounty Community of Interest (COI): Intel contributes to the Bug Bounty COI, which is comprised of a group of subject matter experts with a deep interest in the Bug Bounty ecosystem.