Intel ups bug bounty payouts to $250K

Adjust Comment Print

Initially, the only way that hackers or security researchers could participate was to receive an invite from Intel.

The reward is part of the firm's updated bug bounty programme, which it has switched from an invitation-only initiative to a public one in a bid to prevent any future Meltdown and Spectre-type exploits.

"Through its new bug bounty program, Intel is trying to wash away the image of a disastrous patching process", Catalin Cimpanu wrote at Bleeping Computer.

The program has been invitation-only since launching in March past year, meaning only a select few have been able to report potential vulnerabilities.

Intel has also recently made a "security-first pledge", which includes releasing fixes for older chips and developing new hardware architectures that prioritize security.

"Working closely with our industry partners and our customers, we encourage responsible and coordinated disclosure to improve the likelihood that users will have solutions available when security issues are first published. It minimises the risk that exploitable information becomes publicly known before mitigations are available", said Intel's VP and GM of platform security, Rick Echevarria.

Following Meltdown and Spectre, Intel has had to make assurances to the computing community that it is taking security threats seriously. This program will pay out up to $250,000 for vulnerabilities found and reported per program rules.

In a blog post, Rick Echevarria, Intel's vice president and general manager of platform security, said the main changes in the bug bounty program include moving it from invitation only, to opening it to all security researchers, and offering a new program that runs until December 31, 2018 that will pay up to $250,000 for the finding of "side channel vulnerabilities", or the types of flaws similar to Spectre. The company will also increase the amount it awards for the discovery (and confidential reporting) of general security vulnerabilities to $100,000.