Work
Play
Support
About Intel
Change Location
Search
Products
Processors
Motherboards
Chipsets
Desktop
Notebook
Server
Workstation
Business PCs
Embedded & Communications
Software
All Products
Technology
Architecture & Silicon
Product Technologies
Manufacturing
Research
Standards
Intel Developer Forum
Communities
Downloads
Reseller
Intel® Reseller Center
Intel® Distributor Resource Center
Intel® Channel Partner Program
Intel® Software Partner Program
Home
›
Security Center
›
Vulnerability Handling Guidelines
The Intel Product Security Incident Response Team (iPSIRT) proactively searches for and responds to reported security vulnerabilities in Intel products. Working with members of the security community, customers and end users the iPSIRT works to best ensure that security vulnerabilities affecting Intel production products are documented and solutions are released in a responsible fashion. Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation.
Reporting a Potential Security Vulnerability
If you have discovered potential security vulnerability in an Intel product, please contact the iPSIRT at
WmzSkF@hIFtu.com
. It is important to include the following details:
- The products and versions affected
- Detailed description of the vulnerability
- Information on known exploits
Vulnerability information is extremely sensitive. The iPSIRT strongly recommends that all security vulnerability reports sent to Intel be encrypted using the iPSIRT PGP key. The PGP key is available
here
.
Software to encrypt messages may be obtained from:
•
PGP Corporation
•
GnuPG
Publication of Security Information
The iPSIRT publishes two types of security information at the
Intel Product Security Center
.
Security Advisories: Provide information about security vulnerabilities identified with Intel products, including any fixes, workarounds or other actions.
Security Notices: Provide information of general interest about security topics related to Intel products or the use of Intel products.
Vulnerability Handling Process
Security vulnerabilities in Intel products are actively managed through a well-defined process. The time to respond varies based on the scope of the issue. The process consists of 4 key steps:
Reporting: The process begins when the iPSIRT becomes aware of a potential security vulnerability in an Intel product. The reporter receives an acknowledgement and updates throughout the handling process.
Evaluation: The iPSIRT confirms the potential vulnerability, assesses the risk, determines the impact and assigns a processing priority. If the vulnerability is confirmed, the priority determines how the issue is handled throughout the remaining steps in the process.
Solution: Working with the product team, the iPSIRT develops a solution that mitigates the reported security vulnerability. Solutions will take different forms based on the vulnerability. In cases where a vulnerability is being actively exploited, Intel may deliver a temporary solution to contain the issue while working on the full solution.
Communication: The iPSIRT publishes a security advisory for severe issues. Less severe issues are communicated through other methods. Advisories are published at the
Intel Product Security Center
and released simultaneously to all customers. For previously unknown or unreported issues, Intel will acknowledge the reporter in the advisory if requested.
Intel supports the advancement of processes, tools and organizations to develop products that meet the security requirements of our customers and end users. Intel is an active member of
FIRST
(Forum of Incident Response and Security Teams) and works closely with Computer Emergency Response Teams and other worldwide groups.
