Intel’s getting serious about fixing security bugs – but is that enough?

A series of high-profile security flaws, dating back years, was recently found in Intel’s processors, seriously impacting the chip-maker’s reputation. In a new security report, the company claims it has doubled down on fixing those issues and ensuring that nothing like that happens again.

According to the report, in 2019 Intel’s own security team uncovered 144 (61%) of the 236 Common Vulnerabilities and Exposures (CVEs) that affected its products, while 92 were found by external researchers – with 70 of them being found thanks to Intel’s Bug Bounty program, which gives financial rewards to people for finding bugs.

The report also claims that 91% of the bugs were found thanks to Intel’s investment in product assurance (both internally and through the Bug Bounty program), which seems to suggest that the company has been true to its word in investing money and resources into uncovering and fixing security bugs.

Design changes

While Intel’s increased investment in fixing its security bugs is very welcome, so far we’ve not seen any big changes to the company’s chip designs.

Some of the most serious security flaws, like Spectre, could only be permanently fixed by a processor redesign – fundamentally changing the way Intel builds its processors – and so far that doesn’t seem to have happened.

It’s understandable why Intel has not done this – it would be a time-consuming and costly process – but if the company is really serious about fixing its security flaws, then it may need to do this, and sooner rather than later.

Via Tom's Hardware