Intel launched its own bug bounty program, offering rewards of up to $30,000 for vulnerabilities.
HackerOne is running the program, which enlists white hats from all over the globe to find security vulnerabilities in various software, firmware or hardware, depending on the hiring company.
“We want to encourage researchers to identify issues and bring them to us directly so that we can take prompt steps to evaluate and correct them, and we want to recognize researchers for the work that they put in when researching a vulnerability. By partnering constructively with the security research community, we believe we will be better able to protect our customers,” officials said.
As is usual with this type of program, the harder a vulnerability is to mitigate, the more Intel will pay white hats.
The company takes into account several factors when determining the severity of a vulnerability. It first uses the CVSS 3.0 calculator to compute a base score, which is then adjusted based on the security objectives and threat model for the given product.
For instance, a critical vulnerability in Intel software will pay up to $7,500, while one found in firmware will pay up to $10,000. The highest reward is for vulnerabilities found in Intel hardware, where payouts can go as high as $30,000.
Intel Security products are not in scope for the bug bounty program, and neither are third-party products or open source. Intel’s web infrastructure is also not subject to the program. Any acquisitions the company makes are not included in the bug bounty program for the first six months after the deal is complete.