Skip to main content

Intel opens bug hunt to all security researchers, offers possible $250K payout

Want to make a quick $250,000? Who doesn’t, right? If you have the know-how to hunt down vulnerabilities in hardware and software, then that high-dollar reward could be within your grasp. Intel is now offering an updated bug bounty program until December 31, 2018, setting that nice little chunk of change as the maximum payout for hunting down “side-channel vulnerabilities.” These vulnerabilities are hidden flaws in typical software and hardware operations that could potentially lead hackers to sensitive data, like the recent Meltdown and Spectre exploits. 

“In support of our recent security-first pledge, we’ve made several updates to our program,” the company says. “We believe these changes will enable us to more broadly engage the security research community and provide better incentives for coordinated response and disclosure that help protect our customers and their data.” 

Intel originally launched its Bug Bounty Program in March 2017 as an invitation-only plan for select security researchers. Now the program is open to all in hopes of minimizing another Meltdown-type discovery by using a wider pool of researchers. The company is also raising the reward amounts for all other bounties, some of which offer up to $100,000. 

Intel’s list of requirements for reporting side-channel vulnerabilities is somewhat short, including the 18-year-old age requirement, a six-month gap between working with Intel and reporting an issue, among other requirements. All reports must be encrypted with the Intel PSIRT public PGP key, they must identify an original undisclosed problem, include CVSS v3 calculation results, and so on. 

Intel wants security researchers to hunt down bugs in its processors, chipsets, solid state drives, stand-alone products like NUCs, networking and communication chipsets, and field-programmable gate array integrated circuits. Intel also lists five types of firmware, and three types of software that fall under its bug bounty umbrella: drivers, applications, and tools. 

Intel will award a Bounty for the first report of a vulnerability with sufficient details to enable reproduction by Intel,” the company states. “Intel will award a Bounty from $500 to $250,000 USD depending on the nature of the vulnerability and quality & content of the report. The first external report received on an internally known vulnerability will receive a maximum of $1,500 USD Award.” 

In January, researchers went public with a vulnerability found in processors dating back to 2011 that allows hackers to access the system memory and grab sensitive data. The attack vector takes advantage of a method processors use to predict the outcome of a process string. Using this predictive technique, processors store sensitive data in the system memory in an unsecured state. 

One method of gaining access to this data is called Meltdown, which requires special software to capture the data. With Spectre, hackers could trick legitimate apps and programs into coughing up the sensitive data. Both methods are theoretical, and currently not actively exploited in the wild, yet Intel seemed somewhat embarrassed over the potential issues. 

“We will continue to evolve the program as needed to make it as effective as possible and to help us fulfill our security-first pledge,” Intel promises. 

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Target slashed the price of this CLX gaming PC with RTX 4080
The CLX Horus on a white background.

For one of the best gaming PC deals around, Target is the surprise place to go today. Currently, you can buy a CLX Horus Gaming PC with a powerful Nvidia GeForce RTX 4080 graphics card for $560 off. Usually $3,750, it’s down to $3,190 for a limited time, which is a pretty great deal for a gaming rig packed with high-end hardware. If you’re keen to learn more, keep reading and we’ll take you through everything. We’re not certain how long the deal will stick around for, so assume it’s going to end sooner rather than later if you don’t want to risk missing out.

Why you should buy the CLX Horus Gaming PC
CLX sneaks in one of its entries among our look at the best gaming PCs, so you can be rest assured that this is one worth checking out. The CLX Horus Gaming PC looks fantastic on paper. It has a 14th-generation Intel Core i9-14900KF processor along with a huge 64GB of speedy 5600MHz DDR5 memory. Besides that, there’s also 2TB of SSD storage, which would be enough for many people, before throwing in even more storage with 6TB of regular HDD storage. Pretty sweet, right? Better still is its GeForce RTX 4080 graphics card with 16GB of dedicated VRAM, so it’s perfectly well suited for all your gaming needs for a very long time to come.

Read more
Intel Arrow Lake gets possible pricing and release date
Intel CEO Pat Gelsinger presents Intel's roadmap including Arrow Lake, Lunar Lake, and Panther Lake.

We haven't even gotten an official release date for Intel Arrow Lake, but the one we know of is already being pushed back. Many leaks pointed to an October 10 release, but now, one source claims that Intel won't launch its next-gen top desktop processors until October 24. This only applies to the K and KF-series CPUs -- the non-K variants won't arrive until much later. We've also gotten a peek at some of the possible pricing.

Fortunately, the delay doesn't appear to be major. According to HKEPC on X (formerly Twitter), the launch of Intel Arrow Lake-S has now been pushed back from October 17 to October 24. This is somewhat inconsistent with previous leaks, but not really -- it appears that Intel had always planned to announce Arrow Lake on October 10, with availability starting on October 17. Now, we might still hear about the CPUs on October 10, but they won't appear on the shelves until two weeks later.

Read more
Credit card info for 1.7 million users leaked in huge breach
A credit card is passed from one person to another.

Florida-based payment gateway provider Slim CD has confirmed in a notification sent to affected clients (almost 1.7 million) that their full names, credit card info, physical address, and payment card expiration date have been breached, according to a letter from the company, It's a trend that's unfortunately becoming fairly common.

What's more shocking about the number of affected users is how long it took the company to notice the breach since the hackers had access from August 2023 to June 2024. The company first noticed suspicious activity on June 15, stating, "That access may have enabled an unauthorized actor to view or obtain certain credit card information between June 14, 2024, and June 15, 2024,”

Read more