Skip to main content

Intel enlists help of ‘elite hackers’ to exterminate bugs

Intel has announced an expansion of its Bug Bounty program with Project Circuit Breaker, a new initiative that is predominantly aimed at recruiting “elite hackers.”

The company wishes to form a community of hackers who will attempt to discover bugs in firmware, hypervisors, GPUs, chipsets, and more.

Related Videos
A depiction of a hacker from Intel's Project Circuit Breaker bug program.
Image source: Intel Intel

Project Circuit Breaker will provide time-boxed events for “specific new platforms and technologies.” Individuals who are involved in the initiative will receive training from Team Blue, which will create “opportunities for more hands-on collaboration with Intel engineers.”

Alongside the collaboration with Intel’s own software engineers, Project Circuit Breaker will allow participants to access new and prerelease products. The chip giant stresses that this will deliver “exciting new hacking challenges and opportunities to explore at unprecedented levels.” Those interested in enrolling in the program can do so on its website.

“Bug bounty programs are a powerful tool to continuously improve the security of our products,” said Tom Garrison, vice president and general manager of Client Security Strategy and Initiatives at Intel. “As we aim to develop the most comprehensive security features, we also realize the incredible value of deeper collaborations with the community to identify potential vulnerabilities and mitigate them for the ongoing improvement of our products.”

Twenty security researchers have already enrolled in Project Circuit Breaker’s first event, called Camping with Tigers, and all received systems equipped with Intel Core i7 processors (formerly Tiger Lake). The event itself, which was launched in December and will end in May, offers bounty multipliers that are triggered at three separate milestones when certain vulnerabilities are uncovered.

Intel added that Camping with Tigers “brings together world-class security researchers and our own product engineers to deepen testing and improve resiliency on our 11th Gen Intel Core processors.”

The Bug Bounty program was initially launched to the public in 2018. During 2021, 97 of 113 vulnerabilities that were discovered externally were reported through the initiative. It’s no surprise, then, that Intel is increasing its investment in the program. With “unprecedented access to early products” being emphasized in the announcement, the company is clearly trying to attract top talent who will most likely have access to upcoming PC components like Intel’s Arc Alchemist GPUs and its next-generation CPUs, dubbed Raptor Lake.

While the monetary value of finding bugs via the Project Circuit Breaker program has not been revealed, we have some idea of what kind of payments participants will be eligible to receive thanks to payout figures stemming from previous initiatives. For example, Intel’s Intigriti bug bounty program offers payout scales through three tiers.

The highest tier delivers rewards between $2,000 and $100,000 for locating vulnerabilities in hardware (microprocessors, chipsets, motherboards, and SSDs). The second tier involves bugs related to firmware, and pays out between $1,000 and $30,000, while the third tier offers payment ranging from $500 to $10,000 for detecting software defects.

Editors' Recommendations

DJI offers hackers up to $30,000 to help find bugs in its drones
DJI Spark best drones under $500

DJI, the popular Chinese drone manufacturer, is asking hackers to help make its devices more secure. The company announced the DJI Threat Identification Reward in a blog post on Monday and outlined the rewards, which range from $100 to $30,000 for uncovering vulnerabilities, depending on how big of a threat the hacker helps avert.

“Security researchers, academic scholars and independent experts often provide a valuable service by analyzing the code in DJI’s apps and other software products and bringing concerns to public attention,” Walter Stockwell, DJI's director of technical standards, said in a statement. “DJI wants to learn from their experiences as we constantly strive to improve our products, and we are willing to pay rewards for the discoveries they make.”

Read more
Meet the bug bounty hunters making cash by finding flaws before bad guys
Bug bounty using computer

Many security researchers make a living with security companies, but not everyone likes the rigidity of a corporate environment. Some work on a freelance basis. Like vigilante outlaws, they dig up bugs and exploits in some of the world's most popular platforms, hoping to gain a reward for their efforts.

Offering a bug bounty is one of the best ways for software companies to find problems with their applications and services before they can be exploited. Offering a reward means those who find a flaw may opt to cash in, instead of selling it to those who would use it for nefarious purposes.

Read more
Disabling hyperthreading may be the best way to avoid newly discovered Intel bug
Intel Core i7-7700K review

Update: Added Intel comment on the news.

A new bug discovered in the sixth and seventh generations of Intel's central processors can affect any chip with hyperthreading enabled. Although a fix exists for some CPUs, it may be worth disabling hyperthreading just in case you run afoul of its potentially quite serious problems.

Read more