Rick Echevarria, vice president and general manager, Platform Security Group, Intel Corporation
Intel believes that working with security researchers is a key element in identifying and eliminating potential security issues in Intel products, and similar to other corporate practices, we have introduced and incorporated vulnerability reporting reward programs into our operating models. "Intel® The Vulnerability Reporting Reward program, launched in March 2017, is designed to motivate security researchers to work with us to identify and report on potential vulnerabilities, which in turn helps us to enhance product safety while helping to deliver responsible and coordinated information Disclosure process.
For more information, see: Security Concerns with Intel Products (Newsroom) and Latest Security Research Results and Intel Product Notes (Intel.com)
In order to be responsible for protecting customers from being compromised by security vulnerabilities, it is generally acknowledged that the best way to do this is through coordinated disclosure of information, and this approach first allows defensive measures to be put in place to minimize the risk until exploitable vulnerability information is made public We work closely with industry partners and customers to encourage responsible and coordinated disclosure of information so that users are significantly more likely to have access to available solutions when security issues are first publicly disclosed. Our loopholes bounty program supports this The goal is to enable the security research community to inform us directly and promptly of the potential vulnerabilities discovered by its members by establishing processes that are relevant to them.
In support of our recently reaffirmed commitment to guarantee safety, we have updated the vulnerability reporting rewards program and we believe these changes will allow us to work more widely with the security research community to better stimulate coordinated responses and information Disclosure, thereby further protecting our customers and their data.
Vulnerability Report The Bounty Program update includes:
• The program, which was previously covered only by invited people, will be open to all security researchers in the future, significantly expanding the reach of qualified researchers • Launching a new program specifically targeting side-channel vulnerabilities that lasts until 2018 December 31, 2008; up to a maximum of $ 250,000 in rewards for reporting vulnerabilities to Intel under the program • Full rewards increase up to $ 100,000 in other areas For more details, including this update to the program, visit the Intel Security Web site or our HackerOne webpage.
We will continue to promote the program on an as-needed basis to maximize its effectiveness and help us to fulfill our promise of safety first, and we hereby give our heart-to-heart thanks to all those who have chosen to participate in the program.