
The role of transparency in establishing security assurance

By Jerry Bryant

April 23, 2021

Today’s cybersecurity landscape is evolving rapidly, and new threats are growing in volume and sophistication every year. In fact, according to IDC, over half of the more than 160,000 new vulnerabilities documented in the past two decades emerged in just the last five years. As such, the technology industry must work together to improve security assurance and earn customer trust and confidence. Transparency is a cornerstone of security assurance and should be a core value among more organizations across the technology ecosystem.

But how do you build that transparency? There are several key components that serve as the building blocks of transparency and security assurance. Here are five key areas to consider.

  • The Security Development Lifecycle – Is security a core focus during product planning and assessment, architecture, design, implementation, release and post-deployment support? It should be. Organizations should create and adhere to robust policies and procedures that help ensure their teams integrate security principles and privacy tenets at each step of product development, from concept through retirement.
  • Compute Lifecycle Assurance – Establishing an end-to-end security assurance framework that can be applied across the entire lifecycle of any product can help to improve transparency and provide better security. In the hardware space, this means prioritizing security assurance from design and build, to transfer, operations and retirement, and creating a community to address supply chain assurance and transparency at every stage. By enabling transparency and assurance across a platform’s entire lifecycle, supply chain owners can improve platform integrity, resilience, and security.
  • Proactive Investment in Security Research – Another critical element of transparency is actively identifying and mitigating potential security vulnerabilities. Organizations should be investing in and supporting internal offensive security research teams, championing purple team culture (collaboration between red and blue teams), and supporting external security researcher contributions through bug bounty programs and research grants. These steps represent a proactive approach to establishing product security assurance and ensuring customers can trust an organization’s ability to effectively unearth, mitigate and disclose vulnerabilities collaboratively and reliably.
  • Community Support and Policy Advocacy – Collaboration is key to elevating security assurance. This involves cross-functional work among industry partners, academic institutions and governance organizations on policy, standards, mitigations and research to accelerate a shared understanding of security. At Intel, we collaborate with leading operating system, hypervisor, and cloud service providers to develop microarchitectural solutions that benefit the global technology ecosystem at large.

It can also be important to participate in industry consortiums and standards bodies to help ensure that technology designs meet evolving security, privacy and safety standards. Some examples include the Trusted Computing Group (TCG), the Confidential Computing Consortium (CCC), the 3rd Generation Partnership Project (3GPP), the National Institute of Standards and Technology (NIST), and the International Organization for Standardization (ISO).

As vulnerability research and attack methods continue to become more sophisticated, it’s also important to support the evolution of industry product design, assurance and risk management standards. MITRE and various industry leaders are working to extend the existing community-driven, software-oriented Common Weakness Enumeration system to include new hardware weaknesses, as well as enhance its Common Vulnerabilities and Exposures (CVE) and Common Attack Pattern Enumeration and Classification (CAPEC) systems. Other such opportunities include ongoing efforts by the Forum of Incident Response and Security Teams (FIRST) focused on the Common Vulnerability Scoring System (CVSS) and the Product Security Incident Response Teams (PSIRT) special interest group (SIG).

  • Public Security Reporting – It’s not enough to simply identify and mitigate product vulnerabilities effectively. An important aspect of establishing security assurance is public disclosure. Industry leaders must raise the bar for transparency by making product security metrics available within the market. This should include details on internally and externally identified threats, and more.

In light of the various breaches and critical vulnerabilities identified over the past decade, the technology industry as a whole has begun to focus more heavily on security. But you can’t earn security trust by simply making grand public declarations. It can’t be all talk. So how do you put transparency into action?

At Intel, for instance, we heavily invest in all of these areas. We also produce annual product security reports that demonstrate the capability and maturity of our processes and provide a transparent view into how we continue to raise the bar on product security assurance. Here are several key findings from the Intel 2020 Product Security Report released on March 3, 2021:

  • Intel’s product security assurance programs were directly responsible for identifying and addressing 92% of the potential product vulnerabilities addressed.
  • Intel employees discovered 47% (109) of the 231 CVEs published in 2020.
  • Intel’s Bug Bounty program is responsible for identifying another 45% (105) of the 231 CVEs published in 2020.
  • Intel researchers found 69% of the total firmware vulnerabilities reported in 2020, while external researchers were responsible for reporting 83% of software issues (mainly device drivers and software utilities).
  • None of the 231 vulnerabilities addressed in 2020 were known to be used in actual attacks at the time of public disclosure.

Unforeseen security vulnerabilities are a fact of life in today’s technology landscape. Security is a collective, shared responsibility, and it takes cooperation among vendors, system providers and end users to implement mitigations quickly and effectively. But without a commitment to security transparency – particularly from technology industry leaders and vendors – building public trust and security assurance simply isn’t possible. The above elements are powerful methods for improving product security and can serve as catalysts for growing public trust and confidence.

KEYWORDS: cyber security information security product security risk management


Jerry Bryant is the Senior Director of Security Communication, Product Assurance and Security (IPAS) at Intel.

Copyright ©2025. All Rights Reserved BNP Media.
