Intel launches first bug bounty program

Chip giant Intel has joined the likes of Microsoft and Google to introduce a bug bounty program that offers rewards for flaw finders.

Researchers are invited to examine Intel hardware such as processors, chipsets and field programmable grid arrays, as well as other devices.

Bug bounties will also be paid out for flaws found in Intel firmware installed in motherboards and solid state drives, and software such as device drivers, applications, and tools.

Discovering Intel hardware flaws pays the most: up to US$30,000 (A$39,000) for a critical vulnerability, and US$10,000 for a high severity issue.

Critical firmware vulnerabilties pay US$10,000, and Intel will hand over up to US$7500 for software flaws.

If the issue has been discovered by Intel already, the company will still pay US$1500 for the first external report.

Intel's McAfee products are not covered by the bug bounty program, nor is the company's web infrastructure, or any third-party or open source products.

Participants have be at least 18 years of age, or get parents or legal guardian permission prior to submitting entries to the program.

Researchers who have a history of coordinated disclosure, and have shown an ability to find interesting vulnerabilities in Intel products, will be given greater consideration, the company said.

Intel will also look more favourably on bug bounty submitters who work in a field aligned with the company's strategic direction, and who are professional and timely in their efforts.