Intel expands its bug bounty programme with Project Circuit Breaker

Intel expands its bug bounty programme with Project Circuit Breaker

Image:
Intel expands its bug bounty programme with Project Circuit Breaker

The new initiative will enable elite hackers to work together with Intel engineers in addressing security issues in Intel products

Intel on Wednesday announced Project Circuit Breaker, the company's latest security initiative that aims to expand the existing bug bounty programme by inviting elite hackers to uncover security weaknesses in Intel's new and yet-to-be released firmware, chipsets, GPUs, hypervisors, and more.

According to Intel, Project Circuit Breaker will offer a series of limited-time events focused on specific new platforms and technologies. It will enable participants to have access to new/prerelease hardware while also getting a chance to work together with Intel engineers in addressing security issues in Intel products.

The company stresses that this will offer 'exciting new hacking challenges and opportunities to explore at unprecedented levels'.

Project Circuit Breaker's official website says individuals who participate in the project will have the opportunity to boost their earnings for their efforts.

'For the first time, security researchers are able to work directly with Intel's product and security teams through live hacking events that may include bounty multipliers up to 4x. Capture the flag contests and other training will help prepare researchers for challenges, which may include access to beta software and/or hardware and other unique opportunities,' the website says.

'Camping with Tigers' - the project's inaugural event - has been running since last month and will continue into May. Twenty researchers have already enrolled for the event, who all received PCs equipped with Intel Core i7 processors (formerly Tiger Lake) from Intel.

The event offers participants bounty multipliers that are activated at three different stages when certain bugs are discovered.

The chipmaker's investment in expanding its bug bounty programme makes sense, given how important such projects have become for hardware and software companies in recent years.

Intel initially launched its Bug Bounty programme to the public in 2018. Last year, 97 of the 113 externally found bugs impacting the Intel products were reported through Intel's Bug Bounty programme.

Katie Noble, director, Intel Product Security Incident Response Team (PSIRT) and Bug Bounty, described Project Circuit Breaker as firm's next step in collaborating with researchers to strengthen the industry's security assurance practices.

"Project Circuit Breaker is possible thanks to our cutting-edge research community. This programme is part of our effort to meet security researchers where they are and create more meaningful engagement."

Intel is yet to disclose the monetary value of discovering bugs via the Project Circuit Breaker programme. The company said it will provide 'awards and swag' which 'will vary by event'.

The bug bounty programmes of leading tech firms like Microsoft, Google, Intel and Apple today offer rewards as high as $1,500,000 for reporting critical issues.

In 2019, Apple announced that it was increasing its maximum bug bounty from $200,000 to $1 million in a bid to ensure security researchers turn-in any security flaws they find to Apple - rather than selling them on the grey market.

In 2018, Microsoft also opened up a bug bounty programme, offering up to $250,000, for finding major, Meltdown and Spectre-level security bugs.