Microsoft, Intel launch software bug bounty programs

Intel and Microsoft have both finally joined the bug bounty game, with financial rewards of up to $30,000 on offer.

Microsoft and Intel have launched new bug bounty programs with thousands of dollars on offer for the most dangerous software bugs.
Intel revealed the new bug bounty program will be hosted on HackerOne. While old hat for companies including Microsoft, Facebook, and Google, the scheme is the first of its kind for the tech giant.

“We want to encourage researchers to identify issues and bring them to us directly so that we can take prompt steps to evaluate and correct them, and we want to recognize researchers for the work that they put in when researching a vulnerability,” Intel said. “By partnering constructively with the security research community, we believe we will be better able to protect our customers.”

Intel says the “harder a vulnerability is to mitigate, the more we pay.” As a consequence, critical bugs are the most lucrative, with $7,500 on offer for critical Intel software bugs, up to $10,000 for critical Intel firmware security flaws, and up to $30,000 for each critical Intel hardware bug disclosed to the company.

The Santa Clara, California-based firm uses the CVSS score generator to ascertain how dangerous a vulnerability can be. If a bug is deemed of “high” importance, up to $10,000 is up for grabs, while a “medium” severity bug can earn researchers up to $2,000. In addition, “low” risk security flaws are worth up to $1,000. Intel Security (McAfee), third-party products, and Intel’s web presence are not part of the bug bounty program.