Intel Publishes 2021 Product Security Report

Intel today published their annual security report that provides various insights into the different security vulnerabilities disclosed and mitigated over the past calendar year.

Intel's report talks up that 93% of the vulnerabilities addressed come as a result of their investments into security assurance, half of the 226 CVEs covered in 2021 were found internally by Intel employees and 86% of the remaining 113 CVEs found externally were reported through their Bug Bounty Program. Intel meanwhile uncovered 77% of the hardware/firmware vulnerabilities affecting them last year while external researchers found 70^ of the Intel software security issues.

This report comes out one day after Intel announced Project Circuit Breaker as an expansion of their Bug Bounty Program.

Interestingly their report indicates the product categories with the highest CVE counts for 2021 were their graphics hardware/drivers followed by Ethernet products and other software.

See the 2021 Intel Product Security Report in full at Intel.com. They even compare their CVE counts against AMD, to which Intel is promoting in 2021 their CPUs only had 10 CVEs to a total 31 on the AMD side while AMD's graphics category had 27 CVEs during the year to 51 on the Intel side.