01.05.2022 Views

Cyber Defense eMagazine May Edition for 2022

Cyber Defense eMagazine May Edition for 2022 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES


across 12 categories. For example, some of the top hardware weaknesses include CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip, CWE-1191 On-Chip Debug and Test Interface with Improper Access Control, and CWE-1231 Improper Prevention of Lock Bit Modification. The complete list can be found here at MITRE.

Now let’s dive into five key learnings from the Intel 2021 Product Security Report:

1. 226 total CVEs were mitigated in 2021. Intel’s proactive product security assurance efforts discovered 93%, which is a percentage increase year-over-year since 2019. This occurs through red team events, extensive internal and external code reviews, and through collaboration with external researchers who report vulnerabilities to Intel’s bug bounty programs.

2. Of the 226 CVEs, Intel employees found 50% of them (or 113 CVEs). And of the remaining 113 CVEs reported by external researchers, 86% (or 97 CVEs) were reported through Intel’s Bug Bounty program. Intel’s efforts to internally identify and mitigate vulnerabilities have continued to increase over the last three years.

3. 77% of hardware/firmware vulnerabilities were found by Intel (up from 69% in 2020), while 70% (down from 83% in 2020) of software issues were found by external researchers. This is the result of continued investment by Intel to harden the security of its products, plus additional collaboration with researchers through new programs like Project Circuit Breaker, an expansion of Intel’s Bug Bounty program.

4. Collaboration with external researchers remains essential to Intel’s security assurance strategy, contributing to the discovery of CVEs across a variety of categories. That data is then fed back into Intel’s security development lifecycle (SDL) and helps inform where to focus additional efforts such as hackathons.

5. Intel compared CVE counts to AMD in two primary areas: CPUs and Graphics. Of the 16 Intel CPU and 51 Graphics vulnerabilities found in 2021, 25 were discovered internally by Intel (and 42 were found through Intel’s Bug Bounty program). According to AMD’s publicly available information, 31 AMD CPU and 27 Graphics vulnerabilities were disclosed in 2021 and all were attributed by AMD to external sources. Notably, Intel and AMD share 23 of the Graphics CVEs, as these were issues reported through Intel’s Bug Bounty program, but the affected graphics components were AMD parts integrated into Intel products.

Intel continues to heavily invest in security assurance. This includes its Security Development Lifecycle (SDL), which guides the company in applying privacy and security practices across hardware and software (including firmware) throughout the product lifecycle. Furthermore, the community of security researchers from around the world continues to contribute to improving the security of Intel technology through Intel’s Bug Bounty program. And just recently the company announced Project Circuit Breaker, the next expansion within its Bug Bounty program comprised of a community of elite hackers hunting bugs in firmware, hypervisors, GPUs, compromising chipsets, pwning processors and more.

Cyber Defense eMagazine – May 2022 Edition 36

Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
