Intel Announces Project Circuit Breaker Bug Bounty Program
Even the best processors can have security vulnerabilities. To help identify them, Intel has announced an evolution of its existing bug bounty program, which rewards hackers who identify and report vulnerabilities in Intel’s hardware and software releases. “Project Circuit Breaker,” as it’s been named, will operate as a series of standalone, time-limited events for “specific new platforms and technologies.” Participants will have the chance to receive training and hardware provided by Intel, and will be able to work alongside Intel engineers in the discovery of hardware and software flaws.
Katie Noble, Intel’s Director of The Product Security Incident Response Team (PSIRT) and Bug Bounty efforts, said that “The Circuit Breaker project is possible thanks to our cutting-edge research community. This program is part of our efforts to meet security researchers where they are and create more meaningful engagement. We invest in and host bug bounty programs because they provide new insights into how to challenge emerging security threats – and Project Circuit Breaker is the next step in collaborating with researchers to strengthen security assurance practices. industry safety, particularly with regard to hardware. We look forward to seeing how the program evolves and bringing new voices to the meaningful work we do.
Intel’s efforts to increase the real and perceived security of their products got a forced boost in 2018, following the Spectre/Meltdown crisis – the company even designed its own Fort Knox for security research. inherited and real by building a secret facility in Costa Rica.
Considering how Intel’s bug bounty program was responsible for 97 of 113 externally reported vulnerabilities in 2021, the impact of community-based security research seems to be an increasingly important part of the philosophy. of the company. External researchers who are outside of Intel’s culture and know-how are likely better able to approach security issues (and their exploits) creatively. It also allows Intel to tap into the collective brain of the cybersecurity community, which has put in the work and hours to identify these vulnerabilities, but only gets paid if it hits the proverbial pot of gold.
“For the first time, security researchers can work directly with Intel’s product and security teams through live hacking events that can include bounty multipliers up to 4x,” the The main circuit breaker site reads. “Capture the flag competitions and other training will help prepare researchers for challenges, which may include access to beta software and/or hardware and other unique opportunities.”
The Circuit Breaker project is already underway, with the first scheduled event, “Camping with Tigers”, launched in December with a team of 20 external security researchers. This particular bug-squashing sprint will end in May, and participants will receive payouts based on the severity of identified vulnerabilities across three reward tiers. Today’s announcement means the format has been a success and is now part of Intel’s product security efforts.