Expanding Intel’s Bug Bounty Program: New Side Channel Program, Increased Awards

Security Bug Bounty exploits image
At Intel, we believe that working with security researchers is a crucial part of identifying and mitigating potential security issues in our products. Similar to other companies, one of the ways we’ve made this part of our operating model is through a bug bounty program. The Intel® Bug Bounty Program was launched in March 2017 to incentivize security researchers to collaborate with us to find and report potential vulnerabilities. This in turn helps us strengthen the security of our products, while also enabling a responsible and coordinated disclosure process. 
Coordinated disclosure is widely regarded as the best way to responsibly protect customers from security exploits. It minimizes the risk that exploitable information becomes publicly known before mitigations are available. Working closely with our industry partners and our customers, we encourage responsible and coordinated disclosure to improve the likelihood that users will have solutions available when security issues are first published. Our Bug Bounty Program supports this objective by creating a process whereby the security research community can inform us, directly and in a timely fashion, about potential exploits that it discovers.  
In support of our recent security-first pledge, we’ve made several updates to our program. We believe these changes will enable us to more broadly engage the security research community, and provide better incentives for coordinated response and disclosure that help protect our customers and their data. 
Updates to our program include:
  • Shifting from an invitation-only program to a program that is open to all security researchers, significantly expanding the pool of eligible researchers.
  • Offering a new program focused specifically on side channel vulnerabilities through December 31, 2018. The award for disclosures under this program is up to $250,000
  • Raising bounty awards across the board, with awards of up to $100,000 for other areas.

More details on the program, including these new updates, can be found online on the Intel security site or our HackerOne page

We will continue to evolve the program as needed to make it as effective as possible, and to help us fulfill our security-first pledge. Thank you in advance to all of those across the industry who choose to participate.
 
Rick Echevarria is Vice President and General Manager of Platform Security at Intel. 
 
For more complete information about compiler optimizations, see our Optimization Notice.