According to the 2019 Software Security Study, Intel fixed more than 230 vulnerabilities in its products last year but under a dozen have affected its processors.
Intel said in 2019, it learned about 236 vulnerabilities, 144 of which were internally found by its employees. Internally found problems included 61 percent of high-gravity weaknesses and 75 percent of critical ones. In total, 4 defects were rated as severe and 81 as moderate severity.
The Company’s bug bounty system identified three quarters of the bugs reported by external researchers.
“The data shows that 91 per cent of the questions addressed were the direct result of Intel’s investment in quality security, integrating bug bounty with the internally found vulnerabilities,” the company wrote in its report.
The chipmaker only records 11 vulnerabilities with an average annual CVSS score of 5.02. It includes the ZombieLoad, Fallout and RIDL MDS vulnerabilities.
“Security researchers and industry experts have recognized that side-channel problems are difficult to exploit, frequently requiring a degree of access to the target system to make it possible for attackers to acquire and exfiltrate information more secure and effective.
Of the 236 bugs discovered in company goods last year, there were 112 software affected, 59 firmware affected and 13 hardware affected. Patching included both software and firmware updates for 52 vulnerabilities.
Intel says it did not find any evidence that any of the vulnerabilities fixed last year were used in attacks.
The company announced four new security capabilities earlier this week and received more detail about its previously announced initiative on the Supply Chain Transparency Compute Lifecycle Assurance.