Intel touts bug bounties to hardware hackers

Website and Intel Security (McAfee) products excluded from 'Wild West' payouts scheme

Intel has launched its first bug bounty program, offering rewards of up to $30,000.

The chip maker has partnered with specialist bug bounty outfit HackerOne to create a scheme that aims to encourage hackers to hunt for flaws in Intel's hardware, firmware and software. Intel will pay up to $30,000 for critical hardware vulnerabilities (less for firmware or software holes). The more severe the impact of the vulnerability and the harder it is to mitigate, the bigger the payout.

Find bugs, bag rewards

Bug bounties have become a familiar part of the infosec ecosystem over recent years, with software vendors such as Google and Microsoft leading the charge. Over time, a greater range of vendors have joined in.

Intel Security (McAfee) products are not in-scope of the Intel bug bounty program. Flaws in third-party products and open-source code are also beyond the compass of the scheme. Intel's web infrastructure has also been excluded.

More details of the program, announced at the CanSecWest security conference, can be found in a blog post by HackerOne here. ®




More from The Register

Santamarta

WTF is Boeing on? Not just customer databases lying around on the web. 787 jetliner code, too, security bugs and all

Black Hat Fears of cyber-hijackings? That's plane crazy, says Dreamliner maker

Bad cup of Java leaves nasty taste in IBM Watson's 'AI' mouth: Five security bugs to splat in analytics gear

Worst brew than that time El Reg went on a road trip and stopped at a Denny's
Hole in fence broken through security

Oh sh*t's, 11: VxWorks stars in today's security thriller – hijack bugs discovered in countless gadgets' network code

Equipment in hospitals, factories, offices, etc potentially vulnerable to attack
Man browses his tablet and ignores the beach. Photo by shutterstock

It is with a heavy heart that we must report that your software has bugs and needs patching: Microsoft, Adobe, SAP, Intel emit security fixes

Patch Tuesday And Google drops a zero-day on Windows after deadline miss

So you can't find enough cyber-security experts to join the team. Time to dial a managed security service provider?

Backgrounder The benefits of outsourcing your IT's infosec – and what to look for. Here's our gentle guide for you
Batman. Credit: DC Comics.

Oh dear. Secret Huawei enterprise router snoop 'backdoor' was Telnet service, sighs Vodafone

We all want to see hard proof of deliberate espionage. This is absolutely not it
No bugs sign

Hot fuzz: Bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities

Flaw-spotting toolkit already has 42 zero-days to its name
editorial only image of Whitehall. Pic Daniel Gale/Shutterstock

One-time permanent DWP secretary Robert Devereux set to rock up at 'ethical' tech biz Salesforce

Exclusive UK state pension age-extender no longer forced to make ends meet on his own £1.8m pension pot

Biting the hand that feeds IT © 1998–2019