Expanding Intel’s Bug Bounty Program: New Side Channel Program, Increased Awards

By Rick Echevarria

At Intel, we believe that working with security researchers is a crucial part of identifying and mitigating potential security issues in our products. Similar to other companies, one of the ways we’ve made this part of our operating model is through a bug bounty program. The Intel® Bug Bounty Program was launched in March 2017 to incentivize security researchers to collaborate with us to find and report potential vulnerabilities. This, in turn, helps us strengthen the security of our products, while also enabling a responsible and coordinated disclosure process.

More:  Security Exploits and Intel Products (Press Kit) | Security Research Findings (Intel.com)

Coordinated disclosure is widely regarded as the best way to responsibly protect customers from security exploits. It minimizes the risk that exploitable information becomes publicly known before mitigations are available. Working closely with our industry partners and our customers, we encourage responsible and coordinated disclosure to improve the likelihood that users will have solutions available when security issues are first published. Our Bug Bounty Program supports this objective by creating a process whereby the security research community can inform us, directly and in a timely fashion, about potential exploits that its members discover.

In support of our recent security-first pledge, we’ve made several updates to our program. We believe these changes will enable us to more broadly engage the security research community, and provide better incentives for coordinated response and disclosure that help protect our customers and their data.

Updates to our program include:

  • Shifting from an invitation-only program to a program that is open to all security researchers, significantly expanding the pool of eligible researchers.
  • Offering a new program focused specifically on side channel vulnerabilities through Dec. 31, 2018. The award for disclosures under this program is up to $250,000.
  • Raising bounty awards across the board, with awards of up to $100,000 for other areas.

More details on the program, including these new updates, can be found online on the Intel security site or our HackerOne page.

We will continue to evolve the program as needed to make it as effective as possible and to help us fulfill our security-first pledge. Thank you, in advance, to all of those across the industry who choose to participate.

Rick Echevarria is vice president and general manager of Platform Security at Intel Corporation.

About Intel
Intel (NASDAQ: INTC) expands the boundaries of technology to make the most amazing experiences possible. Information about Intel can be found at newsroom.intel.com and intel.com.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

*Other names and brands may be claimed as the property of others.