1 stories
today

Intel opens up bug bounty program with awards up to $250,000

Intel announced today an expansion of its Bug Bounty program it launched last year, hoping to encourage security researchers around the world to find vulnerabilities in its products. As you may know, the recently discovered Meltdown and Spectre vulnerabilities hit all chip makers pretty bad, and the timing was apparently appropriate for Intel to open up its bug bounty program.

“In support of our recent security-first pledge, we’ve made several updates to our program, the company explained. “We believe these changes will enable us to more broadly engage the security research community, and provide better incentives for coordinated response and disclosure that help protect our customers and their data.”

The most important update is that the company’s bug bounty program is no longer invite-only, and all security researchers worldwide can participate. Intel is also raising up all bounty awards, with up to $100,000 rewards for researchers discovering critical vulnerabilities in Intel hardware. Additionally, the chip maker is opening a limited duration program focused on side channel vulnerabilities, with awards up to $250,000. This separate program will end on December 31, 2018.

“We will continue to evolve the program as needed to make it as effective as possible and to help us fulfill our security-first pledge,” the company added. You can learn more about how to join the program on the Intel security site.

Further reading: , ,

Do you think Intel is doing the right thing?