Intel has just released a new 2021 product security report detailing the number of bugs that were found in its hardware during the course of last year. The report touches on both Intel processors and graphics cards.
According to Intel, it has encountered around 50% fewer bugs than AMD, and nearly half of its GPU vulnerabilities come from AMD components.
Intel’s report is comprehensive and talks about not just the raw numbers of discovered bugs, but also how they were discovered and categorized, as well as the sources of some of the vulnerabilities. Although the report is packed full of information, it’s important to view it with some skepticism as it comes from Intel itself. Other sources may be able to supply it with additional insights.
Intel says that a total of 16 processor security flaws were found in 2021. Six of these were found by external researchers as part of Intel’s bug bounty program and 10 were discovered by Intel itself. This puts it in a better position than AMD processors, which encountered 31 bugs over the course of the year, or about 50% more than Intel.
Things are looking a bit worse when it comes to Intel GPUs. Of course, most of these are integrated graphics — aside from Intel Xe DG1 graphics, Intel hasn’t had any other discrete graphics cards in 2022. This will change with the upcoming release of Intel Arc Alchemist.
In the GPU section, Intel reports a total of 51 vulnerabilities, of which 15 were found internally and 36 were discovered thanks to Intel’s bounty initiative. AMD had only had 27 reported graphics bugs in 2021, so in theory, that puts AMD ahead of Intel by a large margin. However, Intel claims that the majority of its graphics bugs actually come from AMD chips.
Out of the 51 bugs found within Intel graphics, the company claims that 23 were caused by AMD components, namely the Radeon RX Vega M graphics chip found within some Intel Kaby Lake-G processors. As reported by Tom’s Hardware, these chips — which paired Intel’s 8th-generation CPU with integrated AMD graphics — were found in some laptops, such as the Dell XPS 15 2-in-1, or in the Hades Canyon NUC. The vulnerabilities found within the AMD graphics still have to classify as Intel bugs due to being part of Intel’s own chip, but they seem to not have been caused directly by Intel hardware.
Intel has also reported that its own research accounts for 50% of the discovered vulnerabilities, while 43% were caught by external researchers through the bounty program and 7% were found from organizations and projects that cannot benefit from Intel’s bug hunting project. The company reports a year-over-year increase in the number of vulnerabilities discovered through its own efforts, be it through the bounty program or Intel’s research. Many companies offer bounties to hackers who find vulnerabilities within their software — as an example, Apple has recently paid a student $100,500 for hacking a Mac.
The company seems eager to continue expanding the bug bounty initiative, as it has just announced Project Circuit Breaker which is essentially a major extension of the already existing program. As part of this initiative, Intel will invite researchers to hacking events in order to find vulnerabilities. It also plans to provide them with early access to its software and hardware.
