Even the most advanced processors might contain security flaws. Intel has announced an update to its existing bug bounty program, which rewards hackers who discover and report flaws in Intel’s hardware and software releases. The project, dubbed “Project Circuit Breaker,” will function as a series of stand-alone, time-constrained events for “particular new platforms and technologies.” Participants will receive Intel-supplied training and hardware, as well as the opportunity to collaborate with Intel developers in the detection of hardware and software faults.
Katie Noble, Intel’s director for the Product Security Incident Response Team (PSIRT) and Bug Bounty efforts, said that “Project Circuit Breaker is possible thanks to our cutting-edge research community. This program is part of our effort to meet security researchers where they are and create more meaningful engagement. We invest in and host bug bounty programs because they attract new perspectives on how to challenge emerging security threats – and Project Circuit Breaker is the next step in collaborating with researchers to strengthen the industry’s security assurance practices, especially when it comes to hardware. We look forward to seeing how the program will evolve and to introducing new voices to the meaningful work that we do.”
Intel’s efforts to improve the actual and perceived security of its devices received a boost in 2018 as a result of the Spectre/Meltdown problem; the corporation even built its own Fort Knox for legacy and actual security research in Costa Rica.
Given that Intel’s bug bounty program was responsible for 97 of 113 externally reported vulnerabilities in 2021, community-based security research appears to be a growing part of the company’s culture. External researchers who aren’t familiar with Intel’s culture and know-how are more prone to think outside the box when it comes to security issues (and their vulnerabilities). It also allows Intel to tap into the collective intelligence of the cybersecurity community, which puts in the effort and hours required to find these flaws but only gets compensated if it finds the metaphorical pot of gold.
“For the first time, security researchers can work directly with Intel’s product and security teams through live hacking events that may include bounty multipliers up to 4x,” the Circuit Breaker main site reads. “Capture the flag contests and other training will help prepare researchers for challenges, which may include access to beta software and/or hardware and other unique opportunities.”
Project Circuit Breaker is already underway, with the first time-limited event, “Camping with Tigers,” beginning in December with a team of 20 outside security researchers. This bug-hunting sprint will end in May, and participants will be compensated based on the severity of vulnerabilities discovered, with three prize tiers. The fact that the format was announced today indicates that it was a success, and it is now being integrated into Intel’s product security efforts.