Skip to main content

Intel launches its first bug bounty program

  • March 15th , 2017

 

Our friends at Intel have an exciting announcement! Their bug bounty program is live. Read all about it below and check out more details on their HackerOne security page.

Intel launches its first bug bounty program.

Today, at the CanSecWest security conference, Intel launched its first Bug Bounty program targeted at Intel Products. We want to encourage researchers to identify issues and bring them to us directly so that we can take prompt steps to evaluate and correct them, and we want to recognize researchers for the work that they put in when researching a vulnerability. By partnering constructively with the security research community, we believe we will be better able to protect our customers.

Scope and Severity Ratings

Intel Software, Firmware, and Hardware are in-scope. The harder a vulnerability is to mitigate, the more we pay.

Intel considers several factors when determining the severity of a vulnerability. Our first step is to use the CVSS 3.0 calculator to compute a base score. The base score is then adjusted up or down based on the security objectives and threat model for the given product.

Vulnerability Severity Intel Software Intel Firmware Intel Hardware
Critical Up to $7,500 Up to $10,000 Up to $30,000
High Up to $2,500 Up to $5,000 Up to $10,000
Medium Up to $1,000 Up to $1,500 Up to $2,000
Low Up to $500 Up to $500 Up to $1,000

A few details on items that are not in the program scope:

  • Intel Security (McAfee) products are not in-scope for the bug bounty program.
  • Third-party products and open source are not in-scope for the bug bounty program.
  • Intel’s Web Infrastructure is not in-scope for the bug bounty program.
  • Recent acquisitions are not in-scope for the bug bounty program for a minimum period of 6 months after the acquisition is complete.

Recent articles

Bug Bounty Field Manual: The Definitive Guide for Planning, Launching, and Operating a Successful Bug Bounty Program

H1-415 Hackathon Delivers to Customers, Community, and Hackers

Just a few short weeks ago, an elite group of hackers huddled in conference rooms in a San Francisco high-rise…

Introducing CWE-based Weaknesses

HackerOne updated their vulnerability taxonomy to include a more complete weakness suite based on the industry-…