UPDATED 21:44 EST / FEBRUARY 14 2018

INFRA

Intel opens bug bounty program to all with payments of up to $250K

Hot off the still ongoing drama surrounding the Meltdown and Spectre vulnerabilities in its chips, Intel Corp. has decided to expand its bug bounty program to the public.

The initial bug bounty program launched in March 2017 in conjunction with venture capital-funded Hackerone Inc. to encourage security researchers to work with Intel on finding and reporting potential vulnerabilities. Under the program, payments of up to $30,000 were available to researchers who find critical hardware vulnerabilities — a noble enough idea, but the program itself was limited in scope because it was strictly invitation-only.

Under the changes announced by Intel, which now includes payments of up to $100,000 for the core program, any security researcher can participate in the program.

“In support of our recent security-first pledge, we’ve made several updates to our program,”  Rick Echevarria, vice president of the Intel Security Group and general manager of the Intel Security Division, said in a statement. “We believe these changes will enable us to more broadly engage the security research community, and provide better incentives for coordinated response and disclosure that help protect our customers and their data.”

Intel has also introduced a new limited-time bug bug bounty program for side-channel vulnerabilities with payments of up to $250,000 available to security researchers. Side-channel vulnerabilities are those found in the physical implementation of a computer system versus the algorithm running on the system — exactly what happened with both Meltdown and Spectre.

It may all sound good on paper, but some skeptics are suggesting that the new program is nothing more than a publicity stunt by Intel to counter some of the negative stories stemming from Meltdown and Spectre.

“Through its new bug bounty program, Intel is trying to wash away the image of a disastrous patching process,” Catalin Cimpanu wrote at Bleeping Computer. “In reality, the new bug bounty program is nothing more than a PR move, and even if it had been in place last year, it wouldn’t have helped.”

If you’re a security researcher or, let’s be honest, a hacker, further details of the new program are available here.

Photo: huangjiahui/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU