Security Software

Evolving for Today’s Security First Mindset

by Imad Sousou, Corporate Vice President and General Manager

 

As the cybersecurity landscape continues to evolve, Intel remains focused on ways we can help protect our developers and customers at the heart of our Security First pledge. Over this past year, teams across the company have continued to improve security throughout our portfolio of hardware and software, automated our patch distribution models, and taken our industry collaboration to new levels. The formation of the Intel Product Assurance and Security (IPAS) team has helped coordinate all of these efforts.

We recognize however that Intel cannot do this alone. We see the value in collaboration that is driven by the structure of the industry and interdependency between layers in the stack. We have built an approach that takes a step beyond traditional multiparty collaboration to engage the ecosystem that features unprecedented levels of coordination. The goal is to create an environment where we’re all continuously learning. This helps us to drive the meaningful change that customers and end users are counting on.

This mindset has improved how Intel develops the hardware and software we deliver and how we contribute as a member of the broader community. But, please don’t just take my word for it. I encourage you to watch the video here and hear more about what Intel leaders across the company have to say about the progress and opportunities we see in 2019 and beyond.

A Collaborative Approach to Customer Security

Experts from Intel explain how security efforts have evolved over the last year, including collaboration with partners across the ecosystem and external researchers.

From the video


Experts from various organizations across Intel explain how the company's security efforts have evolved over the last year. Intel Fellow, Ronak Singhal, includes advice for developers concerned about making their applications side channel resistant.

"We get this question: if I'm a developer writing an application, should I be worried and what should I do knowing that these issues existed or may exist in the future? And the fact is you have to understand your application and your use case. If you're writing some, what I'll call a generic application that doesn't contain secrets, then for the most part, this whole discussion about side channel vulnerabilities isn't applicable to you.

"If you are the developer of crypto routines where you may have secrets, then there are certain guidelines and best practices that you should be following to make your code side channel safe. You want to have code that is not timing dependent. You want to have code that is not branch dependent and you want to have code that takes the same path in terms of its memory accesses, because these are each things that attackers have found ways to take advantage of. But if your code looks the same regardless of what the inputs are, then it becomes much, much harder."


Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at www.intel.com.

All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps.

The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request.

Intel provides these materials as-is, with no express or implied warranties.

No product can be absolutely secure.

Intel, the Intel logo, Intel Core, Intel Atom, Intel Xeon, Intel Xeon Phi, Intel® C Compiler, Intel Software Guard Extensions, and Intel® Trusted Execution Engine are trademarks of Intel Corporation in the U.S. and/or other countries.

*Other names and brands may be claimed as the property of others.