Intel expands Bug Bounty program with ‘Project Circuit Breaker’ effort
Intel announced the expansion of its Bug Bounty program this week, explaining in a statement that it plans to create a new effort called “Project Circuit Breaker.”
The project will bring in an “elite” group of hackers to search for vulnerabilities in Intel’s firmware, hypervisors, GPUs, chipsets, and more. According to Intel, the program will involve “targeted time-boxed events on specific new platforms and technologies, providing training and creating opportunities for more hands-on collaboration with Intel engineers.”
The first Project Circuit Breaker event, “Camping with Tigers,” started in December and includes 20 researchers who received systems with Intel Core i7 processors. The event will end in May, and Intel said bounty multipliers are being offered at three milestones for eligible vulnerabilities.
Katie Noble, director of Intel’s Product Security Incident Response Team (PSIRT) and Bug Bounty, said the new program was possible due to the company’s “cutting-edge research community.”
“This program is part of our effort to meet security researchers where they are and create more meaningful engagement,” Noble said.
“We invest in and host bug bounty programs because they attract new perspectives on how to challenge emerging security threats — and Project Circuit Breaker is the next step in collaborating with researchers to strengthen the industry’s security assurance practices, especially when it comes to hardware.”
Tom Garrison, vice president and general manager of client security strategy & initiatives at Intel, added, “As we aim to develop the most comprehensive security features, we also realize the incredible value of deeper collaborations with the community to identify potential vulnerabilities and mitigate them for the ongoing improvement of our products.
Intel has run its Bug Bounty Program since 2018.
Intel explained that 97 of 113 externally found vulnerabilities were reported through Intel’s Bug Bounty program in 2021. The company’s security experts are also part of both the Bug Bounty Community of Interest and Forum of Incident Response and Security Teams.
The announcement comes days after Cloudflare announced its own paid public bug bounty program hosted on HackerOne’s platform.