The Long Game: Product and Security Assurance

In a recent global study by Ponemon Institute,¹ 73% of IT decision-makers say they are more likely to purchase technologies and services from companies that proactively find, mitigate and communicate security vulnerabilities.

Intel is committed to product and security assurance and regularly releases functional and security updates for supported products and services. The Intel platform update (IPU) helps simplify the update process and improve predictability for Intel’s customers and partners. The updates provide security and functional improvements across Intel’s product portfolio.

“Security doesn’t just happen. If you are not finding vulnerabilities, then you are not looking hard enough,” said Suzy Greenberg, vice president, Intel Product Assurance and Security. “Intel takes a transparent approach to security assurance to empower customers and deliver product innovations that build defenses at the foundation, protect workloads and improve software resilience.”

Broad Ecosystem Collaboration

IPUs are often highly integrated combinations of hardware, firmware and software. Updates often require additional validation and integration from Intel ecosystem partners participating in the coordinated vulnerability handling process. These partners include operating systems vendors, cloud service providers, independent firmware vendors, original equipment manufacturers and systems integrators who release validated updates through direct channels to their customers.

The IPU process facilitates the ecosystem coordination and vulnerability handling process, leading to the release of validated updates.

The Intel platform update releases functional and security updates for supported products and services. (Credit: Intel Corporation)

Leading factors that cause delays in vulnerability patching process. (Credit: The Role of Transparency and Security Assurance in Driving Technology Decision-making, Prepared by Ponemon Institute, March 2021)

One of Intel’s major initiatives in 2018 was to continue improving the delivery of microcode updates (MCUs). In June 2018, Intel delivered the first OS-loadable MCU. As a result, Spectre V2 updates were possible via secure operating system updates, such as Windows Update and open source equivalents. Since then, Intel has enabled delivery of MCUs through this automated process when possible.

Security is a system-level property where every component in the system — from software to silicon — plays its part to help keep data secure. Intel’s success relies on the success of its customers — and helping its customers be more resilient to emerging threats is a critical part of that success.

More Context: 2020 Product Security Report | The Role of Transparency and Security Assurance in Driving Technology Decision-Making (Ponemon Institute Study, Sponsored by Intel) | People, Processes, Products Define Intel’s Security Strategy  (Martin G. Dixon Editorial) | Silicon as Code, the Cybersecurity Vulnerability Paradox, and the Transparency Requirements for a 21st Century Processor Vendor (IDC White Paper, Sponsored by Intel)

¹The Role of Transparency and Security Assurance in Driving Technology Decision-Making was sponsored by Intel and independently conducted by Ponemon Institute.

No product or component can be absolutely secure.

Category: Intel

This entry was posted on Thursday, June 3rd, 2021 at 3:42 pm. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.