Intel opens bug bounty program to all with payments of up to $250K
Hot off the still ongoing drama surrounding the Meltdown and Spectre vulnerabilities in its chips, Intel Corp. has decided to expand its bug bounty program to the public.
The initial bug bounty program launched in March 2017 in conjunction with venture capital-funded HackerOne Inc. to encourage security researchers to work with Intel on finding and reporting potential vulnerabilities. Under the program, payments of up to $30,000 were available to researchers who found critical hardware vulnerabilities — a noble enough idea, but the program itself was limited in scope because it was strictly invitation-only.
Under the changes announced by Intel, which now include payments of up to $100,000 for the core program, any security researcher can participate in the program.
“In support of our recent security-first pledge, we’ve made several updates to our program,” Rick Echevarria, vice president of the Intel Security Group and general manager of the Intel Security Division, said in a statement. “We believe these changes will enable us to more broadly engage the security research community, and provide better incentives for coordinated response and disclosure that help protect our customers and their data.”
Intel has also introduced a new limited-time bug bounty program for side-channel vulnerabilities, with payments of up to $250,000 available to security researchers. Side-channel vulnerabilities are those found in the physical implementation of a computer system rather than in the algorithm running on the system — exactly what happened with both Meltdown and Spectre.
It may all sound good on paper, but some skeptics are suggesting that the new program is nothing more than a publicity stunt by Intel to counter some of the negative stories stemming from Meltdown and Spectre.
“Through its new bug bounty program, Intel is trying to wash away the image of a disastrous patching process,” Catalin Cimpanu wrote at Bleeping Computer. “In reality, the new bug bounty program is nothing more than a PR move, and even if it had been in place last year, it wouldn’t have helped.”
If you’re a security researcher or, let’s be honest, a hacker, further details of the new program are available here.
Photo: huangjiahui/Flickr