Meltdown and Specter loopholes exposed some time ago affected almost all Intel processors, and even spread to the entire industry.Although many manufacturers have "remedial efforts," the introduction of the patch, but still makes people lingering fear.
At present, the best way to deal with vulnerabilities, in addition to try to avoid the underlying design, is to work with security personnel to identify and eliminate potential security issues in the product.
Similar to many corporate practices, Intel also introduced a bug reporting bounty program in March 2017 to motivate security researchers to work with them to identify and report potential vulnerabilities, and Intel said it helped Intel enhance product safety in this area , While helping to achieve a responsible and coordinated information disclosure process.
In order to further avoid product vulnerabilities, On February 14, Intel announced an update to its Vulnerability Reward Bids Program, which includes:
1. In the past, this program, which covered only invited people, will be open to all safety researchers in the future, significantly expanding the reach of qualified researchers.
2. Launched a new program specifically targeting side-channel vulnerabilities that will last until December 31, 2018; up to a maximum of $ 250,000 in reimbursement to Intel under this program.
3, a comprehensive increase in the amount of reward, in other areas up to a reward of 100,000 US dollars.
Intel said it will continue to push the program on demand to maximize its effectiveness and help us meet our promises of safety first, and we thank all those in the industry for choosing to participate in the program ahead of time.
