Latest in Gear

Image credit: David Paul Morris/Bloomberg via Getty Images

Intel expands bug bounty to catch more Spectre-like security flaws

It might not always spot exploits, but it can ask for help.
222 Shares
Share
Tweet
Share

Sponsored Links

David Paul Morris/Bloomberg via Getty Images

To say Intel was caught flat-footed by the Meltdown and Spectre flaws would be an understatement. However, it has a potential solution: enlist more people for help. It's widening its bug bounty program to both include more researchers and offer more incentives to spot Meltdown- and Spectre-like holes. The program is now open to all security researchers, not just by invitation, and includes sweeter rewards for discovering exploits. You now get up to $100,000 for disclosing general security flaws, and there's a new program dedicated to side channel vulnerabilities (read: issues like Spectre) that offers up to $250,000 through December 31st, 2018.

The higher bounty stems in part from the complexity of demonstrating exploits. Unlike most purely software-driven attacks, the speculative execution tricks behind Meltdown and Spectre require extensive know-how.

The end date on the side channel bounty sets a firm limit on what the program will achieve, although Intel's promise of more secure chips in 2018 could reduce the need to single out these sorts of attacks. The bug bounty program will continue to "evolve," Intel added, so it's not set in stone. There's no question about what the chip giant wants, though: it's racing to identify as many processor-related flaws as it can while its CPUs are known to be vulnerable and interest in the subject is high.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
222 Shares
Share
Tweet
Share

Popular on Engadget

Windows users can now log in using Yubico security keys

Windows users can now log in using Yubico security keys

View
Watch NASA's first all-woman spacewalk

Watch NASA's first all-woman spacewalk

View
US military will no longer use floppy disks to coordinate nuke launches

US military will no longer use floppy disks to coordinate nuke launches

View
SpaceX begins construction of its next-generation Starship rockets

SpaceX begins construction of its next-generation Starship rockets

View
Lebanon plans to charge a fee for internet voice calls

Lebanon plans to charge a fee for internet voice calls

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr