The dividend cap for the 12-month bonus period has been increased from $100,000 to $150,000
Computer chip giant Intel and Belgium-based Intigriti have launched a bug bounty program after switching from rival American ethical hacker platform HackerOne.
Intel is offering a 12-month bonus incentive for bug bounties for specific hardware and firmware series, increasing the payment limit for the most serious bug from US$100,000 to US$150,000.
Intel’s Integrity Vulnerability Bounty Program Launched on December 6, and its HackerOne programIt was launched in February 2018 and will stop accepting submissions today (December 13).
Payment level
The payment levels are divided into three levels, with the highest rewards ranging from US$2,000 to US$100,000 for handling vulnerabilities in hardware such as microprocessors, chipsets, motherboards, and SSDs (Solid State Drives).
For the second layer, the compensation for firmware defects is between US$1,000 and US$30,000, while the minimum value, the software-focused layer, is between US$500 and US$10,000.
Don’t forget to read Vulnerability Bounty Radar // The latest bug bounty program in December 2021
However, applying bonus multipliers between 1.2 and 1.5 on certain goals will result in “abnormal” errors—even higher than the level of “critical” issues—attracting up to $45,000 in firmware spending and $150,000 in hardware spending.
The reward program will apply to the firmware and hardware in Intel, Pentium, Intel Celeron and Intel Atom processors from May 11, 2021 to May 10, 2022.
At the end of the reward period, Intel will publish a blog post praising the top 10 vulnerabilities submitted, and the two best performing security researchers will be invited to give virtual lectures at Intel’s internal security conference iSecCon.
Intel’s network infrastructure is outside the scope of the plan. Web application vulnerability reports should be submitted via email via external.security.research@intel.com instead.
‘Community Involvement’
Intigriti was founded in 2016. Compared with HackerOne, which was launched in 2012, Intigriti has recently entered the bug bounty field and stated that it has been used by 40,000 security researchers.
Intel spokesperson told Drink it every day“As our contract with HackerOne expires, we evaluated the services available in the market and found that Intigriti can best meet our needs because we will continue to improve our bug bounty program.”
related Understand the bug bounty platform and put the community in crowdsourcing security
Stijn Jans, CEO and founder of Intigriti, told Drink it every day: “This is very exciting news for us. In discussions with Intel, we saw that they want to invest heavily in community participation and educational activities.
He added: “We have multiple ways to invest in researchers. Our community team is working with the community to create content, such as interviewing researchers to understand how they live and how they feel working with us and all [bug bounty] platform. We also held challenges that are very popular among researchers to educate them about new technologies. ”
Inti De Ceukelaire, Intigriti’s director of hackers and vulnerability hunter, added: “Hackers are involved in the entire decision-making process of Intigriti, so we are very concerned about hackers and interact with the community in a unique way.
“We are in a transitional phase with Intel, so the focus now is to make sure that we join a program that people are familiar with and love, and work with the Intel team to make some subtle adjustments to it, combining some of the knowledge they have learned from them and other programs, Then make sure to accommodate the hackers who reported to them in the best way. This is our number one priority at the moment.
“Once we believe this is done, we will start to do some other very cool things that we haven’t done before.”
Respected “Everyone is welcome”-The Microsoft Security Team provides a different perspective on the vulnerability disclosure process
