Intel has announced an expansion of its Bug Bounty program with Project Circuit Breaker, a new initiative that is predominantly aimed at recruiting “elite hackers.”
The company wishes to form a community of hackers who will attempt to discover bugs in firmware, hypervisors, GPUs, chipsets, and more.
Project Circuit Breaker will provide time-boxed events for “specific new platforms and technologies.” Individuals who are involved in the initiative will receive training from Team Blue, which will create “opportunities for more hands-on collaboration with Intel engineers.”
Alongside the collaboration with Intel’s own software engineers, Project Circuit Breaker will allow participants to access new and prerelease products. The chip giant stresses that this will deliver “exciting new hacking challenges and opportunities to explore at unprecedented levels.” Those interested in enrolling in the program can do so on its website.
“Bug bounty programs are a powerful tool to continuously improve the security of our products,” said Tom Garrison, vice president and general manager of Client Security Strategy and Initiatives at Intel. “As we aim to develop the most comprehensive security features, we also realize the incredible value of deeper collaborations with the community to identify potential vulnerabilities and mitigate them for the ongoing improvement of our products.”
Twenty security researchers have already enrolled in Project Circuit Breaker’s first event, called Camping with Tigers, and all received systems equipped with Intel Core i7 processors (formerly Tiger Lake). The event itself, which was launched in December and will end in May, offers bounty multipliers that are triggered at three separate milestones when certain vulnerabilities are uncovered.
Intel added that Camping with Tigers “brings together world-class security researchers and our own product engineers to deepen testing and improve resiliency on our 11th Gen Intel Core processors.”
The Bug Bounty program was initially launched to the public in 2018. During 2021, 97 of 113 vulnerabilities that were discovered externally were reported through the initiative. It’s no surprise, then, that Intel is increasing its investment in the program. With “unprecedented access to early products” being emphasized in the announcement, the company is clearly trying to attract top talent who will most likely have access to upcoming PC components like Intel’s Arc Alchemist GPUs and its next-generation CPUs, dubbed Raptor Lake.
While the monetary value of finding bugs via the Project Circuit Breaker program has not been revealed, we have some idea of what kind of payments participants will be eligible to receive thanks to payout figures stemming from previous initiatives. For example, Intel’s Intigriti bug bounty program offers payout scales through three tiers.
The highest tier delivers rewards between $2,000 and $100,000 for locating vulnerabilities in hardware (microprocessors, chipsets, motherboards, and SSDs). The second tier involves bugs related to firmware, and pays out between $1,000 and $30,000, while the third tier offers payment ranging from $500 to $10,000 for detecting software defects.