Intel's first bug bounty program has $30,000 top reward
Security researchers can make a lot of money by reporting bugs to software and hardware vendors. Microsoft, for instance, pays up to $15,000 for vulnerabilities in Office Insider, while Intel, through its first bug bounty program, takes things up a notch with a top reward of $30,000.
Intel's first bug bounty program was announced on HackerOne, and targets firmware, software and hardware products. Hardware vulnerabilities have the highest top reward, followed by firmware and then software.
A critical vulnerability in an Intel hardware product gets up to $30,000, while one ranked as high, medium or low is eligible for a reward of up to $10,000, $2,000, or $1,000, respectively.
As far as firmware vulnerabilities go, a critical one is eligible for a reward of up to $10,000. Meanwhile, a high vulnerability is worth up to $5,000, and medium and low vulnerabilities come with rewards of up to $1,500 and $500, respectively.
When it comes to its software, Intel will pay up to $7,500 for a critical vulnerability, up to $2,500 for a high vulnerability, $1,000 for a medium vulnerability and $500 for a low vulnerability.
"We want to encourage researchers to identify issues and bring them to us directly so that we can take prompt steps to evaluate and correct them, and we want to recognize researchers for the work that they put in when researching a vulnerability," says Intel.
Intel explains that the reward is calculated based on "several factors". "Our first step is to use the CVSS 3.0 calculator to compute a base score. The base score is then adjusted up or down based on the security objectives and threat model for the given product."
Intel is letting interested researchers know that McAfee products, third-party products, open-source products, Web infrastructure and recent acquisitions "are not in scope" for this bug bounty program. When it comes to acquisitions, vulnerabilities that pertain to them will be eligible for rewards six months after the acquisitions are complete.
To learn more about Intel's first bug bounty program, see the announcement on HackerOne.