Skip to content

February 15, 2018

Intel expands bug bounty to catch more Spectre-like security flaws

by John_A

To say Intel was caught flat-footed by the Meltdown and Spectre flaws would be an understatement. However, it has a potential solution: enlist more people for help. It’s widening its bug bounty program to both include more researchers and offer more incentives to spot Meltdown- and Spectre-like holes. The program is now open to all security researchers, not just by invitation, and includes sweeter rewards for discovering exploits. You now get up to $100,000 for disclosing general security flaws, and there’s a new program dedicated to side channel vulnerabilities (read: issues like Spectre) that offers up to $250,000 through December 31st, 2018.

The higher bounty stems in part from the complexity of demonstrating exploits. Unlike most purely software-driven attacks, the speculative execution tricks behind Meltdown and Spectre require extensive know-how.

The end date on the side channel bounty sets a firm limit on what the program will achieve, although Intel’s promise of more secure chips in 2018 could reduce the need to single out these sorts of attacks. The bug bounty program will continue to “evolve,” Intel added, so it’s not set in stone. There’s no question about what the chip giant wants, though: it’s racing to identify as many processor-related flaws as it can while its CPUs are known to be vulnerable and interest in the subject is high.

Via: GeekWire

Source: Intel

Read more from News

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: