Intel ups bug bounty payouts to $250K
- With increased focus on Intel's security strategy following Meltdown and Spectre fallout, the company is revamping its bug bounty program and paying more for identified flaws. If a flaw is eligible for a reward, researchers can earn from $500 to $250,000.
- Intel's invitation-only bug bounty program was first installed in March 2017. Now, the company is opening up the program to all security researchers, increasing the number of people who can receive payment for finding flaws.
- Prioritizing hardware flaws over firmware and software vulnerabilities, Intel is also launching a side channel program through the end of 2018. Researchers who identify vulnerabilities that are "root-caused to Intel hardware" and "exploitable via software" can earn up to $250,000, depending on the severity of the flaw.
Following Meltdown and Spectre, Intel has had to make assurances to the computing community that it is taking security threats seriously. The two massive chip flaws dated back decades and impacted most devices relying on computing chips.
Once the flaw was publicly disclosed, Intel and other vendors rushed to release patches to fix the problem, but many of these patches negatively impacted performance. More than once Intel had to ask customers to delay deploying issued patches as it worked to develop better solutions.
While the fervor surrounding the vulnerabilities has subsided, Intel has a reputation to try and repair. Other chip vendors are joining the increasingly crowded market, and to maintain its customer base, Intel has to revamp its security approach.
Bug bounty programs are becoming a security strategy standard, with organizations relying on the security research community at large to help identify flaws. The more inclusive a program, the easier it will be for white hat hackers to participate and find vulnerabilities. With the promise of heavy incentives, researchers can find exploits before malicious actors do.
Follow Naomi Eide on Twitter