The New Intel Bug Bounty Program Requirements & Eligible Products
The New Intel Bug Bounty Program Requirements
To qualify for the new Intel Bug Bounty Program, you must meet ALL of the following requirements.
- You are reporting in an individual capacity or, if employed by another company, you have that company’s written approval to submit a report to Intel’s Bug Bounty program.
- You are at least 18 years of age, and, if considered a minor in your place of residence, you have your parent’s or legal guardian’s permission prior to reporting.
- You are not a resident of a US-embargoed country.
- You are not on a US list of sanctioned individuals.
- You are not currently nor have been an employee of Intel Corporation, or an Intel subsidiary, within 6 months prior to submitting a report.
- You are not currently nor have been under contract to Intel Corporation, or an Intel subsidiary, within 6 months prior to submitting a report.
- You are not a family nor household member of any individual who currently or within the past 6 months meets or met the criteria listed in the two bullet points directly above.
- You agree to participate in testing mitigation effectiveness and coordinating disclosure / release / publication of your finding with Intel.
The New Intel Bug Report Requirements
For your Intel bug reports to be eligible for bounty award consideration, they must meet the following requirements :
- Must be encrypted with the Intel PSIRT public PGP key.
- Must pertain to an item explicitly listed below as “Eligible Intel products and technologies”.
- Must identify an original and previously unreported & not publicly disclosed vulnerability.
- Must have been tested against most recent publicly available version of the affected product or technology.
- Must include clear documentation on the vulnerability and instructions on how to reproduce the vulnerability.
- Must include your assessed CVSS v3 vector string, score, and rating using one of the approved CVSS v3 calculators referenced below.
The following are vulnerabilities that will not qualify for bounty awards :
- Vulnerabilities in pre-release versions (e.g., Beta, Release Candidate).
- Vulnerabilities in versions no longer under active support.
- Vulnerabilities already known to Intel.
- Vulnerabilities present in any component of an Intel product where the root-cause vulnerability in the component has already been identified for another Intel product.
- Vulnerabilities considered out of scope as defined below.
Eligible Intel Products & Technologies
- Processor (inclusive of micro-code ROM + updates)
- Networking / Communication
- Motherboard / System (e.g., Intel Compute Stick, NUC)
- Solid State Drives
- UEFI BIOS (Tiano core components for which Intel is the only named maintainer)
- Intel Management Engine
- Baseboard Management Controller (BMC)
- Motherboard / System (e.g., Intel Compute Stick)
- Solid State Drives
- Device driver
Meltdown + Spectre Reading Suggestions
- Everything On The Meltdown + Spectre CPU Flaws!
- The Complete List Of CPUs Vulnerable To Meltdown / Spectre
- The Microsoft Spectre + Meltdown Patch Schedule
- The Intel Spectre Reboot Issue – Everything You Need To Know!
- Intel Penryn CPUs Also Vulnerable To Meltdown + Spectre
- The Complete AMD Spectre Mitigation Strategy Guide
- The Apple Spectre + Meltdown Patches Detailed
- These Windows 10 Updates Are Bricking AMD PCs!
- Pre-2016 Intel CPUs Hit Worst By Meltdown + Spectre Fix
- Yes, AMD CPUs Are Also Vulnerable To Spectre 2 Exploit
- AMD K10 And K8 Processors Also Vulnerable To Spectre
- KB3078130 : Emergency Windows Update To Disable Intel Spectre Patches!
Go Back To > First Page | Articles | Home