Driving a Security-Focused Mindset

Central to research efforts is raising the security acumen and practices of our employees to encourage every architect, developer, designer, and validator to think like a hacker and break what they build, through:

Security Belt Program

This multi-level training program follows industry best-practices, creating a formalized process for our employees to develop and demonstrate technical expertise across hardware and software security. 

Initial belt levels focus on web-based courses, manager/mentor discussions, and participation in activities designed not only to acquire knowledge but to apply it directly to product development. These include White (awareness), Yellow (learner), and Green (practitioner) belts. 

Advanced belt levels require demonstration of significant security acumen through activities such as presenting, mentoring, publishing, and innovating/enhancing product security. The levels progress from Blue (expert) to Brown (leader), culminating in the Black Belt (visionary) certification recognizing the highest levels of leadership within Intel and externally.

Security Tools

We invest in hardware automated security verification tooling for more effective testing.  Hardware security is a complex, relatively new discipline; as such, well-established security assurance automation solutions aren’t available and design methodologies have not been standardized across the industry.

Intel is pioneering automation and tooling for hardware security, including new security assurance methods. One example: we collaborated with MITRE in the implementation of the first-ever, industry-wide taxonomy standard called Hardware Common Weakness Enumeration (CWE).
 

Security Development Lifecycle (SDL) Enhancements

SDL is always evolving to recognize the changing technology and threat landscape as well as best practices. It also evolves with the security experts at Intel as we adapt the requirements to different products and methodologies.