Intel boosts its Bug Bounty Program rewards to $250,000


Intel isn't the only company affected by the recent spate of processor-related security vulnerabilities, but the ubiquity of the silicon giant's chips and some of its design decisions over the years have made its products the juiciest targets. The company started its Bug Bounty Program last March in an effort to get security researchers to approach Intel before they release their findings to the public. The chipmaker is now expanding that program by opening it up to any participant and increasing the maximum bounty to the princely sum of $250,000.

Intel says the bounty program allows it to work with researchers to develop responses to security flaws before the knowledge of any vulnerabilities spread to the public. The company says the changes to the program are part of the "Security-First Pledge" it made to its customers last month. Intel is seeking bug reports related to its hardware, firmware, and software products, including CPUs, chipsets, FPGAs, SSDs, device drivers, and applications.

Aside from the larger prizes, the biggest change to the program is its move from an invitation-only affair to an open forum for security researchers that meet its eligibility requirements. The maximum quarter-million-dollar bounty is part of a program to identify side-channel vulnerabilities and is available only until the end of this year. Awards in other hardware-related areas top out at $100,000, and researchers can bag maximum bounties of $30,000 when it comes to firmware and $10,000 for identification of critical software bugs. Intel offers additional details on its security page.

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.