AMD has partnered with Intigriti, a crowdsourced security service provider, to launch a new bug bounty program. This program allows security researchers, ethical hackers, and other experts in the general public to submit bugs in AMD’s hardware, firmware, or software, via the Intigriti platform and get a monetary reward for their efforts.
AMD has previously had a private bug bounty initiative, but only a select few were invited to participate. With the expansion of this program to the public, researchers from different backgrounds may be incentivized to find issues with AMD’s products. This should widen the scope of testers and even include experts from fields that AMD hadn’t thought to include in its private testing.
The rewards AMD offers on the Intigriti platform depends on the severity of the bug and its product category. Here’s what you can get if AMD accepts your bug bounty reward claim:
| Bug Severity | Low | Medium | High | Critical |
|---|---|---|---|---|
| Hardware | $2,000 | $5,000 | $15,000 | $30,000 |
| Firmware | $1,000 | $3,000 | $9,000 | $15,000 |
| Software | $500 | $1,500 | $5,000 | $10,000 |
You can also submit a bug report directly to AMD via its Product Security Team, but there’s no guarantee that you’ll get paid via this route (although the researcher will be given credit in the published security bulletin).
Bug bounty programs are crucial for many tech companies, especially those with products and services that are used widely and could affect millions of customers. AMD is no stranger to bugs, with some of the recent ones including the AMD Ryzen 7000 processors melting in their sockets (2023), severe BIOS security vulnerabilities from the original Zen to the latest Zen 4 processors (2024), and the unintended overclocking limits set on the RX 7900 GRE GPUs (2024). A bug bounty program could help AMD discover these potential issues before they are widely known and become full-blown news.
Other big PC industry corporations have bug bounty programs, helping to ensure that their systems and products are kept safe from undiscovered vulnerabilities. Intel has its Project Circuit Breaker bug bounty program, and invites community members to work with Intel staff to discover flaws in its products.
Aside from benefitting the company, successful bug bounty hunters coan earn big from their work. According to our report from 2020, hackers could earn well over $90,000 annually from finding bugs. In 2023, Google paid out at least $10 million in bug bounties, while Polygon Technology paid $2 million to an individual researcher after they discovered a critical flaw.
If you’re an expert in this field, you could make a living by working as bug bounty hunter. Not only will this help safeguard end users by discovering vulnerabilities, but you could get paid handsomely for doing it. Best of all, you don’t have to do it as a full-time job, so you can do it at your own pace, as a side gig, or even just as a hobby.
