Intel Bug Bounty Program : How You Can Earn $250,000 Hunting Bugs!

The New Intel Bug Bounty Program Requirements & Eligible Products


Intel Bug Bounty Program : How You Can Earn $250,000 Hunting Bugs!

The New Intel Bug Bounty Program Requirements

To qualify for the new Intel Bug Bounty Program, you must meet ALL of the following requirements.

  • You are reporting in an individual capacity or, if employed by another company, you have that company’s written approval to submit a report to Intel’s Bug Bounty program.
  • You are at least 18 years of age, and, if considered a minor in your place of residence, you have your parent’s or legal guardian’s permission prior to reporting.
  • You are not a resident of a US-embargoed country.
  • You are not on a US list of sanctioned individuals.
  • You are not currently nor have been an employee of Intel Corporation, or an Intel subsidiary, within 6 months prior to submitting a report.
  • You are not currently nor have been under contract to Intel Corporation, or an Intel subsidiary, within 6 months prior to submitting a report.
  • You are not a family nor household member of any individual who currently or within the past 6 months meets or met the criteria listed in the two bullet points directly above.
  • You agree to participate in testing mitigation effectiveness and coordinating disclosure / release / publication of your finding with Intel.


The New Intel Bug Report Requirements

For your Intel bug reports to be eligible for bounty award consideration, they must meet the following requirements :

  • Must be encrypted with the Intel PSIRT public PGP key.
  • Must pertain to an item explicitly listed below as “Eligible Intel products and technologies”.
  • Must identify an original and previously unreported & not publicly disclosed vulnerability.
  • Must have been tested against most recent publicly available version of the affected product or technology.
  • Must include clear documentation on the vulnerability and instructions on how to reproduce the vulnerability.
  • Must include your assessed CVSS v3 vector string, score, and rating using one of the approved CVSS v3 calculators referenced below.

The following are vulnerabilities that will not qualify for bounty awards :

  • Vulnerabilities in pre-release versions (e.g., Beta, Release Candidate).
  • Vulnerabilities in versions no longer under active support.
  • Vulnerabilities already known to Intel.
  • Vulnerabilities present in any component of an Intel product where the root-cause vulnerability in the component has already been identified for another Intel product.
  • Vulnerabilities considered out of scope as defined below.


Eligible Intel Products & Technologies

Intel Hardware

  • Processor (inclusive of micro-code ROM + updates)
  • Chipset
  • FPGA
  • Networking / Communication
  • Motherboard / System (e.g., Intel Compute Stick, NUC)
  • Solid State Drives

Intel Firmware

  • UEFI BIOS (Tiano core components for which Intel is the only named maintainer)
  • Intel Management Engine
  • Baseboard Management Controller (BMC)
  • Motherboard / System (e.g., Intel Compute Stick)
  • Solid State Drives

Intel Software

  • Device driver
  • Application
  • Tool


Meltdown + Spectre Reading Suggestions

Go Back To > First Page | Articles | Home


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!



About The Author

Leave a Reply

%d bloggers like this: