The Intel bug bounty program named Project Circuit Breaker aims to bring together elite hackers to fix vulnerabilities in firmware, hypervisors, GPUs, chipsets and more. The project expands on Intel’s existing bug bounty programs where the company invites security researchers to report any issue they find. The existing program rewards experts and researchers who point out vulnerabilities in existing Intel products and technologies.
Intel Product Security Incident Response Team (PSIRT) and Bug Bounty director Katie Noble said, “Project Circuit Breaker is possible thanks to our cutting-edge research community. This program is part of our effort to meet security researchers where they are and create more meaningful engagement. We invest in and host bug bounty programs because they attract new perspectives on how to challenge emerging security threats – and Project Circuit Breaker is the next step in collaborating with researchers to strengthen the industry’s security assurance practices, especially when it comes to hardware. We look forward to seeing how the program will evolve and to introducing new voices to the meaningful work that we do.”
Through Project Circuit Breaker, Intel is offering training to cybersecurity researchers, time-boxed events, and creating new opportunities to build a community focused on providing optimum quality products.
As part of the new project, Intel has launched the Camping with Tigers initiative with a group of 20 researchers in December 2021. The researchers received systems with Intel Core i7 processors and the program will end in May 2022. Bounty multipliers are offered at three milestones as researchers scour Intel’s Core i7 processors (formerly Tiger Lake) for eligible vulnerabilities.
Intel’s Commitment to Security
In the words of Intel CEO Patrick Gelsinger, “The security of our products is one of our most important priorities. We strive to design, manufacture and sell the world’s most secure technology products, and we are continuously innovating and enhancing security capabilities of our products.”
Intel’s long-standing commitment to security led it to set up the Intel Security Architecture Forum (SAFE) which provides security architecture reviews for the company’s team. When the Covid-19 pandemic hit, causing a rise in cybersecurity attacks, the tech company refreshed its Intel-Security First Pledge that aims to protect customer data and provide high-quality products.
The Bug Bounty program was first opened to the public in 2018. For those who report relevant issues, the rewards can vary from $500 to $100,000. Out of the total 113 external vulnerabilities that were detected in 2021, 97 were brought to Intel’s attention via the bug bounty program. Intel has consistently sought to emphasize its focus on security, by expanding its team of researchers and by inviting industry experts to collaborate with their teams.
Reiterating Intel’s commitment to security, Chief Technology Officer Greg Lavender mentions, “As cyber security threats advance and attack surfaces increase, Intel is helping customers respond to attack vectors and keep their systems and data better protected by building layers of defense using our hardware, software and security assurance expertise. We’re driving to innovate beyond what we once thought possible.”
Meanwhile, other tech giants like Apple, Microsoft, and Google offer rewards as high as $1,500,000 to researchers for reporting critical issues, depending on its severity. In July of last year, Google reported that it paid over $29 million in bug bounties for successfully identifies bugs in its apps and services.
Apart from the bug bounty program, Intel partners with the academic community to fine tune its products and to lead cutting-edge cyber security research. The computer chip giant also launched Intel’s Intigriti bug bounty program on December 6, 2021, which applies a 12-month bonus incentive to bug bounty rewards. They also lifted the ceiling for most rewards on finding critical bugs from $100,000 to $150,000.