Intel expands bug bounty to catch more Spectre-like security flaws

To say Intel was caught flat-footed by the Meltdown and Spectre flaws would be an understatement. However, it has a potential solution: enlist more people for help. It’s widening its bug bounty program to both include more researchers and offer more incentives to spot Meltdown- and Spectre-like holes. The program is now open to all security researchers, not just by invitation, and includes sweeter rewards for discovering exploits. You now get up to $100,000 for disclosing general security flaws, and there’s a new program dedicated to side channel vulnerabilities (read: issues like Spectre) that offers up to $250,000 through December 31st, 2018.

The higher bounty stems in part from the complexity of demonstrating exploits. Unlike most purely software-driven attacks, the speculative execution tricks behind Meltdown and Spectre require extensive know-how.

The end date on the side channel bounty sets a firm limit on what the program will achieve, although Intel’s promise of more secure chips in 2018 could reduce the need to single out these sorts of attacks. The bug bounty program will continue to “evolve,” Intel added, so it’s not set in stone. There’s no question about what the chip giant wants, though: it’s racing to identify as many processor-related flaws as it can while its CPUs are known to be vulnerable and interest in the subject is high.

Via: GeekWire

Source: Intel

Source: Engadget - Read the full article here

Author: Daily Tech Whip

This article is part of our 'News Tiles' service. The site is currently in Beta. When it is fully operational you will be able to search through and arrange the 'Tiles' to display a keyword, product or technology over your chosen time period. For example you would be able to display all of the leading tech articles on the new Kindle Fire, in one spot in real time. You will also have access to our own original reporting and analysis as well as a polished place to post your own thoughts & reviews here, amongst the Daily Tech Whip Community. Please let us know if you have any feedback via the contact form or via Twitter. Don't forget to come back next week and see our full site and claim your name and your own free tech blog.

Share This Post On