Intel Embeds Product Security Experts Throughout The Company To Prevent Future Vulnerabilities
Intel said it is embedding dedicated product security experts throughout the company as part of new effort to stay ahead of future security threats.
The plan is among new details the Santa Clara, Calif.-based chipmaker provided on Friday for its new Product Assurance and Security group, which was established in January in the wake of the Meltdown and Spectre vulnerabilities that were disclosed at the beginning of the year.
Leslie Culbertson, who was appointed leader of the group in January, wrote in a Friday blog post that the Product Assurance and Security team is "designed as a center of security excellence — a sort of mission control — that looks across all of Intel." The group's task is looking "longer-term at the evolving threat landscape and continuously improving product security in the years ahead."
To do that, Culbertson said the group has centralized the company's best security talent while also ensuring that product security experts are embedded throughout the organization.
Intel also sees opportunities to create deeper partnerships with academic researchers and security experts "to accelerate security innovation throughout the entire industry," Culbertson wrote. Furthermore, she said the company believes that collaboration with operating system and software vendors, systems manufacturers, cloud providers and other chipmakers is essential for the future.
"We expect bad actors will continuously pursue increasingly sophisticated attacks, and it will take all of us – working together – to deliver solutions," Culbertson wrote.
The semiconductor company already saw this level of collaboration after the Meltdown and Spectre vulnerabilities were, Culbertson said, which she hopes will continue.
"My challenge to the industry is to maintain the same level of collaboration we demonstrated is possible earlier this year," she said. "If we can continue to work together at that scale, imagine the possibilities."
The newly established Product Assurance and Security group is part of Intel's security-first pledge. The company has already issued software patches in Intel products from the last nine years to protect against Spectre and Meltdown, and it plans to release processors in the second half of this year with hardware-level protection. At the same time, Intel has decided to not issue patches to certain older CPUs due to "limited ecosystem support and customer feedback," the company said earlier this week.
Wallace Santos, CEO of Maingear, a Kenilworth, N.J.-based system builder and Intel partner, told CRN that Intel's new security plans fall in line with what the company has been telling him.
"For us, we think Intel handled it properly. We thought the communication was very good once we become aware of the situation, and we think the action plan is good too," he said.