What just happened? Intel has expanded its bug bounty program with the introduction of Project Circuit Breaker, which will consist of targeted time-boxed events focused on finding bugs in firmware, GPUs, hypervisors, chipsets and more. Participants in many cases will have access to beta software and pre-release products as they search for vulnerabilities in firmware, chipsets and processors.
Intel will provide training and create opportunities for hands-on collaboration with Intel engineers. The first Project Circuit Breaker event, codenamed Camping with Tigers, launched in December with a group of 20 researchers using Intel Core i7 processors (formerly Tiger Lake). It'll run through May, offering participants bounty multipliers at three milestones for eligible vulnerabilities.
Bug bounty programs have proven incredibly helpful to hardware and software makers as of late. In 2021, Intel said 97 of the 113 externally found vulnerabilities were reported through its bug bounty program.Katie Noble, director of the Product Security Incident Response Team (PSIRT) and Bug Bounty at Intel, said Project Circuit Breaker is the next step in collaborating with researchers to strengthen the industry's security assurance practices, especially as it relates to hardware.
Intel didn't discuss potential rewards, but its standard bug bounty program has awards ranging from $500 up to $100,000.
Intel already has a leaderboard up for Camping with Tigers participants, with round one winners to be named in mid-February, followed by round two bounty recipients in mid-April and round three winners in mid-May. Those interested in learning more about Project Circuit Breaker can start with Intel's FAQ.