#190 Product Security Assurance

Subscribe to get the latest

on 2024-03-14 07:00:00 +0000

with Darren W Pulsipher,

In this episode Darren interviews Jerry Bryan Sr. Director of Product Assurance at Intel and fellow podcaster of Chips and Salsa. They discover the Zero Trust aspects of Product assurance for a silicon manufacturer.


Keywords

#endusersecurity #cybersecurity #people #process #policy


Product assurance is integral to digital security, especially within the silicon industry. Internationally renowned technology giant Intel is setting the bar high in this domain. Intel has taken a comprehensive approach to product assurance, striking an effective balance between proactive security measures and reactive mitigation strategies.

Laying the Foundation of Security in Technology

Product assurance at Intel starts with embedding a security-first mindset across the organization. The objective is to equip Intel’s engineers to understand a hacker’s outlook and approach. This is achieved through extensive training and events. Simultaneously, the organization applies a diligent security development lifecycle. This proactive measure ensures potential security weaknesses are identified and resolved.

Equally important is Intel’s widespread commitment to product assurance, which goes beyond the product development phase. The firm has established a product security incident response team (PSIRT). The team is tasked with managing vulnerability reports, developing quick mitigations, and facilitating the prompt delivery of security updates to customers when vulnerabilities surface post-product launch.

Investing in Offensive Security Research

Supporting its commitment to product assurance, Intel has established an ‘offensive security research team’ that boasts more than 80 hardware security researchers worldwide. The team proactively identifies potential vulnerabilities in existing and under-development products, thereby setting a robust and forward-facing outlook toward product security at Intel.

The Power of Crowd-Sourced Security: Intel’s Bug Bounty Program

Intel has also acknowledged the power of crowd-sourced cybersecurity efforts through its Bugs Bounty program. Incentivizing external security researchers to report potential vulnerabilities has been a strategic decision. In 2023 alone, more than 246 researchers have participated in the initiative.

Initiative towards Hardware Hacking: Project Circuit Breaker

Intel has launched the Project Circuit Breaker initiative to secure its product line further. This project focuses on training researchers on hacking hardware. Taking more scrutiny of their products through these eyes aligns with Intel’s long-term strategic goals in product assurance.

The Assurance to End User

Intel aims to provide more than just products to its consumers; it offers assurance of security. This assurance is significantly valuable in today’s global environment, which is increasingly dependent on digital solutions. With Intel’s comprehensive approach to product security assurance, users can feel confident that their Intel-powered devices are diligently designed to defend against security threats.

An independent study by ABI Research substantiates Intel’s claim to leadership in the product security assurance field within the silicon industry. Intel CEO Pat Gelsinger expressed confidence in Intel’s product security assurance approach, implying it is valuable for other silicon vendors.

Intel’s exhaustive efforts to protect its digital products offer significant assurance in today’s uncertain digital landscape. It provides a robust assertion that Intel’s hardware and firmware are designed with meticulous care to repel any security threats, making Intel a trustworthy choice in an environment that grows more reliant on digital solutions every day.

Podcast Transcript