Intel has joined the likes of Microsoft, Google, and Apple in launching a public bug bounty programme, promising payouts for researchers able to discover vulnerabilities in its hardware, firmware, and software products.
Bug bounties, where members of the public are invited to find security vulnerabilities in products and services in exchange for cash payouts, are becoming increasingly popular. In August last year Apple launched its first public bug bounty programme
, while earlier this month Microsoft and Google increased the payouts in their own programmes
and Rockstar Games launched its own
in an attempt to improve the security of its web services. Now, you can add Intel to the mix: the company has partnered with bug bounty programme platform HackerOne to launch bounties of its own.
Under the terms of the programme, payouts are offered for verified security vulnerabilities in Intel's software, firmware, and hardware products, with some notable exclusions: Intel Security products, from the company formerly known as McAfee, are explicitly excluded, as are Intel's web infrastructure, third-party and open-source programmes and platforms used by Intel, and any acquisitions the company has made until at least six months have passed - giving Intel a chance to review the code for security vulnerabilities itself.
The payouts available depend on what is discovered: finding a flaw in Intel's software products will net you between $500 to $7,500 depending on severity; flaws in firmware will earn $500 to $10,000, again depending on severity; while the big money is in bugs found in Intel's hardware products, including its processors, which can earn you $1,000 to $30,000 depending on severity.
Intel's HackerOne page is live now
, but the company has not yet populated it with details nor provided a public link for claiming a bounty.