Intel Bug Bounty Program: How You Can Earn $250,000 Hunting Bugs!


The Intel Bug Bounty Program was launched in March 2017, but after Meltdown and Spectre, Intel kicked it up a notch. Find out how you can earn up to $250,000 hunting bugs!

 

The New Intel Bug Bounty Program

The Intel Bug Bounty Program was created to incentivise security researchers to hunt for bugs in Intel’s products. However, it was an invitation-only program, which greatly limited the pool of eligible bug hunters.

On 14 February 2018, Rick Echevarria, the Vice President and General Manager of Platform Security at Intel, announced the expansion of the Intel Bug Bounty Program. Here are the changes:

  • The Intel Bug Bounty Program is no longer invitation-only. Anyone who meets the minimum requirements is eligible to participate.
  • Intel created a new bounty targeted specifically at side-channel vulnerabilities (like Meltdown and Spectre). This bounty ends on 31 December 2018, and pays up to $250,000.
  • Intel also raised bounty awards across the board, with awards of up to $100,000 for other vulnerabilities.

 

The New Intel Bug Bounty Awards

| Vulnerability Severity | Intel Software | Intel Firmware | Intel Hardware |
|---|---|---|---|
| Critical (9.0 – 10.0) | Up to $10,000 | Up to $30,000 | Up to $100,000 |
| High (7.0 – 8.9) | Up to $5,000 | Up to $15,000 | Up to $30,000 |
| Medium (4.0 – 6.9) | Up to $1,500 | Up to $3,000 | Up to $5,000 |
| Low (0.1 – 3.9) | Up to $500 | Up to $1,000 | Up to $2,000 |

  • Intel will award a Bounty for the first report of a vulnerability with sufficient details to enable reproduction by Intel.
  • Intel will award a Bounty from $500 to $250,000 USD depending on the nature of the vulnerability and quality & content of the report.
  • The first external report received on an internally known vulnerability will receive a maximum of $1,500 USD Award.
  • The approved CVSS calculators which may be used for determining the baseline Severity of all reported vulnerabilities shall be either the NVD CVSSv3 calculator or the FIRST CVSSv3 calculator at Intel’s sole discretion.
  • Intel will publicly recognize security researchers on advisories and Bug Bounty collateral, at or after the time of public disclosure of the vulnerability, if & as agreed to by the researcher who reported the vulnerability.
  • Awards are limited to one (1) Bounty Award per eligible root-cause vulnerability. If that vulnerable component is present in other Intel products, a Bounty Award will be paid only for the first reported product instance. Intel, at its sole discretion, will decide whether the reported vulnerability is the first reported product instance of that root-cause vulnerability.

 

The Side Channel Vulnerability Bounty Awards

This is a time-limited bounty that ends on 31 December 2018, and is limited to bugs that are:

  • root-caused to Intel hardware
  • exploitable via software

| Vulnerability Severity | Intel Hardware w/ Side Channel Exploit through Software |
|---|---|
| Critical (9.0 – 10.0) | Up to $250,000 |
| High (7.0 – 8.9) | Up to $100,000 |
| Medium (4.0 – 6.9) | Up to $20,000 |
| Low (0.1 – 3.9) | Up to $5,000 |
