Intel expands its bug bounty program with Project Circuit Breaker

The Intel logo displayed on a smartphone in front of a screen of computer code

Intel has expanded its $100,000 bug bounty program in an effort to entice “elite hackers” to report vulnerabilities in the company's firmware, hypervisors, graphics processing units (GPUs), and chipsets.

Of the 113 external vulnerabilities detected in 2021, 97 were reported to Intel through its public bug bounty program.

Dubbed Project Circuit Breaker, the expansion to Intel's existing program will see the creation of an integrated community that will offer targeted training, hacking challenges, and opportunities to explore new and pre-release products, in addition to enhanced collaborations with hardware and software engineering teams at Intel.

"Project Circuit Breaker broadens and deepens Intel's existing open Bug Bounty program by hosting targeted time-boxed events on specific new platforms and technologies, providing training and creating opportunities for more hands-on collaboration with Intel engineers," explained Intel.

"Project Circuit Breaker's first event, Camping with Tigers, is already underway with a group of 20 researchers who received systems with Intel Core i7 processors (formerly Tiger Lake)."

In the exclusive Camping with Tigers event, researchers will look for security vulnerabilities in Intel’s Tiger Lake platform. The program began in December 2021 and will be in effect until May 2022. At three milestones, eligible vulnerabilities will earn bounty multipliers.

Potential findings may include, among others, micro-architectural and firmware vulnerabilities. This covers flaws related to BIOS, IP firmware components, embedded controller, sensor, trusted platform module, and flash storage.

“We invest in and host bug bounty programs because they attract new perspectives on how to challenge emerging security threats – and Project Circuit Breaker is the next step in collaborating with researchers to strengthen the industry’s security assurance practices, especially when it comes to hardware, said Katie Noble, director of Intel’s product security incident response team (PSIRT) and bug bounty.

“We look forward to seeing how the program will evolve and to introducing new voices to the meaningful work that we do,” added Noble.