Intel is expanding its bug bounty program to focus on side channel vulnerabilities and also increases the awards for disclosures made by security researchers.
Updates to Intel's program include:
- Shifting from an invitation-only program to a program that is open to all security researchers, significantly expanding the pool of eligible researchers.
- Offering a new program focused specifically on side channel vulnerabilities through Dec. 31, 2018. The award for disclosures under this program is up to $250,000.
- Raising bounty awards across the board, with awards of up to $100,000 for other areas.
The Intel Bug Bounty Program was launched in March 2017 to incentivize security researchers to collaborate with Intel to find and report potential vulnerabilities. This, in turn, helped Intel strengthen the security of its products, while also enabled a coordinated disclosure process - although this partially happened in the case of Meltfdown and Spectre chip flaws.
In any case, coordinated disclosure minimizes the risk that exploitable information becomes publicly known before mitigations are available, meaning that users will propably have solutions available when security issues are first published.