by Imad Sousou, Corporate Vice President and General Manager
As the cybersecurity landscape continues to evolve, Intel remains focused on ways we can help protect our developers and customers at the heart of our Security First pledge. Over this past year, teams across the company have continued to improve security throughout our portfolio of hardware and software, automated our patch distribution models, and taken our industry collaboration to new levels. The formation of the Intel Product Assurance and Security (IPAS) team has helped coordinate all of these efforts.
We recognize however that Intel cannot do this alone. We see the value in collaboration that is driven by the structure of the industry and interdependency between layers in the stack. We have built an approach that takes a step beyond traditional multiparty collaboration to engage the ecosystem that features unprecedented levels of coordination. The goal is to create an environment where we’re all continuously learning. This helps us to drive the meaningful change that customers and end users are counting on.
This mindset has improved how Intel develops the hardware and software we deliver and how we contribute as a member of the broader community. But, please don’t just take my word for it. I encourage you to watch the video here and hear more about what Intel leaders across the company have to say about the progress and opportunities we see in 2019 and beyond.
A Collaborative Approach to Customer Security
Experts from various organizations across Intel explain how the company's security efforts have evolved over the last year. Intel Fellow, Ronak Singhal, includes advice for developers concerned about making their applications side channel resistant.
"We get this question: if I'm a developer writing an application, should I be worried and what should I do knowing that these issues existed or may exist in the future? And the fact is you have to understand your application and your use case. If you're writing some, what I'll call a generic application that doesn't contain secrets, then for the most part, this whole discussion about side channel vulnerabilities isn't applicable to you.
"If you are the developer of crypto routines where you may have secrets, then there are certain guidelines and best practices that you should be following to make your code side channel safe. You want to have code that is not timing dependent. You want to have code that is not branch dependent and you want to have code that takes the same path in terms of its memory accesses, because these are each things that attackers have found ways to take advantage of. But if your code looks the same regardless of what the inputs are, then it becomes much, much harder."