Meltdown and Specter loopholes exposed some time ago affected almost all Intel processors and even spread to the industry. Although many manufacturers have “remedial measures” to launch the patch, still makes people lingering fear. At present, the best way to deal with vulnerabilities, in addition, to try to avoid the underlying design, is to work with security personnel to identify and eliminate potential security issues in the product.
Similar to many corporate practices, Intel also introduced a bug reporting bounty program in March 2017 to motivate security researchers to work with them to identify and report potential vulnerabilities. Intel said that on the one hand, Intel has helped to strengthen product safety while helping to achieve a responsible and coordinated information disclosure process.
In order to further avoid product vulnerabilities, February 14, Intel announced the updated vulnerability reporting bounty program, including:
- Shifting from an invitation-only program to a program that is open to all security researchers, significantly expanding the pool of eligible researchers.
- Offering a new program focused specifically on side channel vulnerabilities through Dec. 31, 2018. The award for disclosures under this program is up to $250,000.
- Raising bounty awards across the board, with awards of up to $100,000 for other areas.
Intel said it will continue to push the program on-demand to maximize its effectiveness and help us meet our promises of safety first. We hereby give our heartfelt thanks to all those who have chosen to participate in the program in advance.