Intel Offers Up to $250K for Side Channel Flaws
Intel has opened up its bug bounty program to all-comers for the first time, adding a new program focused on side channel vulnerabilities in the wake of the Spectre and Meltdown discoveries.
The chip giant has come in for much criticism over the past month after three serious side channel vulnerabilities were found to affect its and other vendor’s products.
The new bug bounty program will offer up to $250,000 for similar vulnerabilities, with a maximum $100,000 available in other categories.
Intel has also changed tack on who it allows to contribute, shifting the program from an invitation-only affair to one which is open to all security researchers.
The firm is presumably hoping that such moves will help it improve the security of its chips and avoid another catastrophic PR and security disaster.
“Coordinated disclosure is widely regarded as the best way to responsibly protect customers from security exploits. It minimizes the risk that exploitable information becomes publicly known before mitigations are available,” said Rick Echevarria, vice president and general manager of the Intel Platforms Security Division.
“Working closely with our industry partners and our customers, we encourage responsible and coordinated disclosure to improve the likelihood that users will have solutions available when security issues are first published. Our bug bounty program supports this objective by creating a process whereby the security research community can inform us, directly and in a timely fashion, about potential exploits that its members discover.”
Intel has been forced to go on something of a charm offensive of late, in order to reassure customers and investors it has security covered.
However, its efforts were somewhat undermined after Microsoft was forced to issue an out-of-band patch at the end of January to fix a buggy Intel update for one of the Spectre flaws which caused “reboot issues” and possible “data loss or corruption” for some customers.
“I'm acutely aware that we have more to do, we've committed to being transparent keeping our customers and owners appraised of our progress and through our actions, building trust,” said CEO Brian Krzanich on a recent earnings call.
Source: Information Security Magazine