Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Intel adds payout bonuses as it migrates bug bounty program to Intigriti

Computer chip giant Intel has launched a bug bounty program with Belgium-based Intigriti, after switching from rival, US-based ethical hacking platform HackerOne.

Intel is applying a 12-month bonus incentive to bug bounty rewards on select lines of hardware and firmware, which lifts the payout ceiling for the most critical bugs from $100,000 to $150,000.

Intel’s Intigriti bug bounty program launched on December 6, while its HackerOne program, which launched in February 2018, will stop accepting submissions as of today (December 13).

Payout tiers

Payout scales are split into three tiers, with top-tier rewards of between $2,000 and $100,000 reserved for vulnerabilities in hardware such as microprocessors, chipsets, motherboards, and SSDs (solid state drives).

Payouts on second tier, firmware flaws range between $1,000 and $30,000, while the rewards for the lowest value, software-focused tier are between $500-$10,000.

But the application of a bonus multiplier of between 1.2 and 1.5 on certain targets will result in ‘exceptional’ bugs – a level above even ‘critical’ issues – attracting payouts of up to $45,000 for firmware and $150,000 for hardware.

The bonus scheme will apply to firmware and hardware within Intel, Pentium, Intel Celeron, and Intel Atom processors between May 11, 2021 and May 10, 2022.

At the end of the bonus period Intel will publish a blog post hailing the top 10 vulnerability submissions, while the two best performing security researchers will be invited to speak virtually at iSecCon, Intel’s internal security conference.

Intel’s web infrastructure falls outside the program’s scope. Web application vulnerability reports should instead be submitted by email via external.security.research@intel.com.

‘Community engagement’

Founded in 2016, Intigriti is a more recent arrival to the bug bounty scene than HackerOne – which launched in 2012 – and says it is already used by 40,000 security researchers. 

A spokesperson for Intel told The Daily Swig: “As our contract with HackerOne came to an end, we evaluated services available in the market and found that Intigriti best meets our needs as we continue to evolve our bug bounty program.”

Stijn Jans, CEO and founder of Intigriti, told The Daily Swig: “It’s very exciting news for us. Throughout the discussions with Intel we have seen that they want to invest heavily in community engagement and education events.

He added: “There are several ways we invest in the researchers. Our community team is working with the community to create content, interviewing for example researchers about how their life is going and how they feel working with us and all the [bug bounty] platforms. We also host challenges that are very popular amongst researchers to educate them on new techniques.”

Inti De Ceukelaire, Intigriti’s head of hackers and a bug hunter himself, added: “Hackers are involved throughout the whole decision process at Intigriti so we are very hacker-focused, and we interact in a unique way with the community.

“We’re in a transition phase with Intel, so the focus right now is to make sure that we onboard the program that people know and love, make some minor adjustments to it along with the Intel team, incorporate some learnings they have from their other program, then make sure the hackers that have reported to them before are accommodated in the best way possible. That’s currently our number one priority.

Advertisement. Scroll to continue reading.

“Once we believe that is finished, we will start engaging with some other very cool things that have not been done before.”

Source: https://portswigger.net/daily-swig/intel-adds-payout-bonuses-as-it-migrates-bug-bounty-program-to-intigriti

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Cyber Security

The Environmental Protection Agency cited a lack of resources and the sheer volume of critical vulnerabilities as the reasons for its inability to patch...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO