Intel Announces "Project Circuit Breaker" Bug Bounty Program

Even the best CPUs can have security holes. To help identify them, Intel has announced an evolution to its existing bug bounty program, which rewards hackers that identify and report vulnerabilities in Intel's hardware and software releases. "Project Circuit Breaker", as it's been named, will work as a series of standalone, time-constrained events for "specific new platforms and technologies." Participants will get a chance to receive Intel-provided training and hardware, and will be able to work alongside Intel engineers in the discovery of hardware and software flaws.

Katie Noble, Intel's director for the Product Security Incident Response Team (PSIRT) and Bug Bounty efforts, said that “Project Circuit Breaker is possible thanks to our cutting-edge research community. This program is part of our effort to meet security researchers where they are and create more meaningful engagement. We invest in and host bug bounty programs because they attract new perspectives on how to challenge emerging security threats – and Project Circuit Breaker is the next step in collaborating with researchers to strengthen the industry’s security assurance practices, especially when it comes to hardware. We look forward to seeing how the program will evolve and to introducing new voices to the meaningful work that we do.”

Intel's efforts to increase the actual and perceived security of their products saw a forced boost in 2018, in wake of the Spectre/Meltdown crisis - the company even devised its own Fort Knox for legacy and actual security research by building a secret facility in Costa Rica

Considering how Intel's bug bounty program was responsible for 97 of 113 externally-reported vulnerabilities in 2021, the impact of community-based security research seems to be an increasingly important piece of the company's ethos. External researchers that aren't part of Intel culture and know-how are likely better able to approach security problems (and their exploits) creatively. It also allows Intel to tap into the collective brain power of the cybersecurity community, who put in the work and hours required to identify these vulnerabilities, but only get paid should they hit the proverbial pot of gold.

TOPICS
Francisco Pires
Freelance News Writer

Francisco Pires is a freelance news writer for Tom's Hardware with a soft side for quantum computing.