Skip to main content

Intel launches its first bug bounty program

  • March 15th , 2017

 

Our friends at Intel have an exciting announcement! Their bug bounty program is live. Read all about it below and check out more details on their HackerOne security page.

Intel launches its first bug bounty program.

Today, at the CanSecWest security conference, Intel launched its first Bug Bounty program targeted at Intel Products. We want to encourage researchers to identify issues and bring them to us directly so that we can take prompt steps to evaluate and correct them, and we want to recognize researchers for the work that they put in when researching a vulnerability. By partnering constructively with the security research community, we believe we will be better able to protect our customers.

Scope and Severity Ratings

Intel Software, Firmware, and Hardware are in-scope. The harder a vulnerability is to mitigate, the more we pay.

Intel considers several factors when determining the severity of a vulnerability. Our first step is to use the CVSS 3.0 calculator to compute a base score. The base score is then adjusted up or down based on the security objectives and threat model for the given product.

Vulnerability Severity Intel Software Intel Firmware Intel Hardware
Critical Up to $7,500 Up to $10,000 Up to $30,000
High Up to $2,500 Up to $5,000 Up to $10,000
Medium Up to $1,000 Up to $1,500 Up to $2,000
Low Up to $500 Up to $500 Up to $1,000

A few details on items that are not in the program scope:

  • Intel Security (McAfee) products are not in-scope for the bug bounty program.
  • Third-party products and open source are not in-scope for the bug bounty program.
  • Intel’s Web Infrastructure is not in-scope for the bug bounty program.
  • Recent acquisitions are not in-scope for the bug bounty program for a minimum period of 6 months after the acquisition is complete.

Recent articles

Zero Daily Newsletter: Fun, yet informative, AppSec, bug bounty, and hacker news

Read the news every day, and check the usual websites? Want to get your industry news and have a little humor…

More Hardware, More Problems

Bounties are for hardware, too. Microwaves notwithstanding, there is an increasing amount of connected…

Bug fixes just got a little easier; HackerOne introduces bi-directional JIRA integration

It’s now possible to view updates on JIRA issues right inside your HackerOne Reports. The two-way integration…