Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Intel Offers Up to $30,000 for Hardware Vulnerabilities

Intel has launched its first bug bounty program and the tech giant is prepared to offer up to $30,000 for vulnerabilities found in its products.

Intel has launched its first bug bounty program and the tech giant is prepared to offer up to $30,000 for vulnerabilities found in its products.

The bug bounty program, hosted on the HackerOne platform, covers Intel’s software, firmware and hardware. It does not cover Intel Security (McAfee) products, the company’s web infrastructure, or acquisitions completed less than six months ago. Third-party and open source applications are also not in scope of the program.

Researchers who find critical hardware vulnerabilities can earn a maximum of $30,000. Critical flaws in Intel software and firmware are worth up to $7,500 and $10,000, respectively.

The severity of a vulnerability is determined based on its CVSS 3.0 base score, and adjusted depending on the affected product’s threat model and security objectives.

Intel bug bounty program payouts

“We want to encourage researchers to identify issues and bring them to us directly so that we can take prompt steps to evaluate and correct them, and we want to recognize researchers for the work that they put in when researching a vulnerability,” Intel said.

Following the recent Vault 7 leak by WikiLeaks, which describes the CIA’s alleged hacking capabilities, Intel announced the availability of a CHIPSEC framework module that can be used to verify the integrity of EFI firmware executables.

Microsoft launches new Office bug bounty program

Microsoft also made a bug bounty announcement on Wednesday. The company has launched a new program for Office Insider Builds on Windows.

Advertisement. Scroll to continue reading.

This new bug bounty program, which runs between March 15 and June 15, promises payouts ranging from $6,000 to $15,000 for various types of vulnerabilities. Researchers can earn rewards if they find privilege escalation vulnerabilities via Office Protected View, flaws that allow macro execution by bypassing security policies, and code execution through a bypass of automatic attachment blocking policies in Outlook.

The announcement comes shortly after Microsoft decided to temporarily double bug bounty payouts for vulnerabilities found in core applications of the Office 365 suite.

Related: Researchers Use Intel SGX to Conceal Malware, Extract Private Keys

Related: Intel to Spin Off McAfee as Independent Security Firm

Related: New Intel Chips Pack Hardware Authentication Technology

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...