Post-Meltdown Intel Tries to Save Face with $250,000 Bug Bounty Program

LASER_oneXM

Intel has launched a public bug bounty program with individual rewards going as far as $250,000, the company said today in a press release.

Intel had previously run a bug bounty program, but that one was limited to submissions from a few selected security researchers only.

The new bug bounty program will be hosted on the HackerOne platform, and Intel has opened up its hardware, firmware, and software products for the occasion.

Almost all Intel products are up for hacking
Any security researcher with a HackerOne account can now hunt for a selected list of bugs in Intel products such as CPUs, chipset code, SSDs, motherboards, networking cards, and their respective firmware, drivers, and OS-level applications.

In-depth details of what's in or out of scope are available on Intel's regular bug bounty page and its new HackerOne profile.

Based on the bugs they find, researchers could be earning anything from $500 to $250,000.

Intel is running two bug bounty programs
There are actually two bug bounty programs. One is the normal bug bounty program with rewards from $500 to $100,000, and the second is a bug bounty program for side channel bugs.

The top dollars will go to researchers who discover side-channel bugs, and researchers could make from $5,000 to $250,000. This program will end on December 31, 2018.

According to Intel, side channel bugs are those vulnerabilities rooted in the component's hardware design and which are exploitable via local software. Meltdown and Spectre are side channel bugs.

Intel says it will pay researchers based on the vulnerability's CVSS v3.0 severity scale.

It's a PR stunt. The problem wasn't bug reporting.
Through its new bug bounty program, Intel is trying to wash away the image of a disastrous patching process. In reality, the new bug bounty program is nothing more than a PR move, and even if it had been in place last year, it wouldn't have helped.

Intel received notice of the Meltdown and Spectre bugs in June 2017, but it took four months to notify downstream OEMs about issues, doing so in November.

Despite this, when public disclosure came around, Intel did not have CPU microcode patches available for OEM vendors, and the Meltdown and Spectre flaws are still largely unpatched even today.
 

MeltdownEnemy

It's nice to see them crack their faces with those cheap tricks, because the truth of their answer does not help any client at all. The damage is already done from the pan! :ROFLMAO:
 
