Intel Expands Bug Bounty Program To All, Adds Side-Channel Payouts Up To $250,000

Intel has been operating its Bug Bounty Program for nearly a year now, with the program originally launching back in March 2017. Initially, the only way that hackers or security researchers could participate was to receive an invite from Intel. Without that invite, you could find all the bugs you wanted, but Intel wouldn't pay you for them.

Intel this week announced changes to that program, and one of the biggest is that anyone can now get paid for finding bugs, provided they follow the program rules. Those rules revolve around coordinated disclosure practices: Intel must be told about the flaw and be given time to address it before any public disclosure of the vulnerability is made. Intel says that allows it to strengthen the security of its products.


Intel wrote, "Coordinated disclosure is widely regarded as the best way to responsibly protect customers from security exploits. It minimizes the risk that exploitable information becomes publicly known before mitigations are available. Working closely with our industry partners and our customers, we encourage responsible and coordinated disclosure to improve the likelihood that users will have solutions available when security issues are first published. Our Bug Bounty Program supports this objective by creating a process whereby the security research community can inform us, directly and in a timely fashion, about potential exploits that its members discover."

Opening the doors of the Bug Bounty Program to all researchers isn’t the only big change that Intel has made. The chipmaker is also offering a new program that is specifically focused on finding side-channel vulnerabilities. This program will pay out up to $250,000 for vulnerabilities found and reported per program rules. The catch here is that the side-channel bounty program has an expiration date of December 31, 2018. In addition to these changes, Intel is also raising bounties across the board, with awards of up to $100,000 for other areas. Intel says more information can be found on its HackerOne page for those interested in participating in the expanded program.

Intel wrote, "We will continue to evolve the program as needed to make it as effective as possible and to help us fulfill our security-first pledge. Thank you, in advance, to all of those across the industry who choose to participate."


Via:  Intel