Intel unveils Circuit Breaker bug bounty expansion for elite hackers


Intel says its engineers are partnering with security researchers to hunt for vulnerabilities in firmware, GPUs, hypervisors, chipsets, and other products in a new expansion to its bug bounty program.

Last year, 97 out of the 113 externally found security vulnerabilities were reported by researchers who joined the public bug bounty program, according to Intel.

Project Circuit Breaker, the name of the bounty program expansion, supplements Intel’s existing program and allows invited bug hunters to work with Intel’s product and security teams on some special projects.

These include live hacking and Capture the Flag events with bounty multipliers of up to 4x, access to early products and training sessions, all designed to help Intel accelerate security research for specific products and technology.

“Project Circuit Breaker broadens and deepens Intel’s existing open Bug Bounty program by hosting targeted time-boxed events on specific new platforms and technologies, providing training and creating opportunities for more hands-on collaboration with Intel engineers,” Intel said.

“Project Circuit Breaker’s first event, Camping with Tigers, is already underway with a group of 20 researchers who received systems with Intel Core i7 processors (formerly Tiger Lake).”

Found bugs will be publicly disclosed

This first event focuses on finding micro-architectural, physical (I/O, storage, flash, memory, sensors, embedded controller, trusted platform module), and firmware (BIOS, IP firmware components, embedded controller, sensor, trusted platform module, storage, flash storage) attacks.

Camping with Tigers will wrap up in May, with the program to expand to hunt bugs in GPUs, chipsets, firmware, hypervisors, and other Intel branded products.

Intel plans to publicly disclose all security vulnerabilities found through the new bounty program expansion, following the company’s regular Product Security Incident Response Team (PSIRT) process.

“We look forward to seeing how the program will evolve and to introducing new voices to the meaningful work that we do,” said Katie Noble, Intel’s director of Product Security Incident Response Team (PSIRT) and Bug Bounty.

“We invest in and host bug bounty programs because they attract new perspectives on how to challenge emerging security threats – and Project Circuit Breaker is the next step in collaborating with researchers to strengthen the industry’s security assurance practices, especially when it comes to hardware.