Intel Expands Bug Bounty Program, Now Open to All

Intel has made some significant changes to its Bug Bounty Program by expanding it to allow more people to participate. Originally the Bug Bounty Program, which pays security researchers for finding flaws in Intel products, was an invite-only program. If you weren’t invited to participate, you couldn’t get paid if you found a bug. This program first launched in March 2017.

What the chipmaker wants is for these security researchers to use responsive and coordinated disclosure practices so that the flaws discovered are disclosed when it can patch them to reduce exploitable information from being made public before flaws can be addressed. The main update to the program is a move to an open program that any researcher can participate in.

Intel has also offered a new program that is specifically for side channel vulnerabilities that will run through December 31, 2018. That new program has an award for disclosures that is up to $250,000. Intel is also raising bounties across the board with awards of up to $100,000 for other areas. Details can be found on the Intel HackerOne page.

Intel wrote, “Coordinated disclosure is widely regarded as the best way to responsibly protect customers from security exploits. It minimizes the risk that exploitable information becomes publicly known before mitigations are available. Working closely with our industry partners and our customers, we encourage responsible and coordinated disclosure to improve the likelihood that users will have solutions available when security issues are first published. Our Bug Bounty Program supports this objective by creating a process whereby the security research community can inform us, directly and in a timely fashion, about potential exploits that its members discover.”