Intel offers bounties for Meltdown, Spectre bug hunters

Chip giant Intel is reaching out to security researchers with an expanded bug bounty program that offers rewards for the discovery of vulnerabilities like the Meltdown and Spectre side-channel information disclosure flaws.

Intel's broad bug bounty program launched in March last year on an invitation-only basis. It has now been opened up to all security researchers who are over 18 and not residents of countries blacklisted by the United States.

Until December 31 this year, Intel will pay up to US$250,000 (A$316,200) for vulnerabilities like Meltdown and Spectre discovered in the company's hardware that can be exploited via software. 

The program also features permanent bug bounties of up to US$10,000, US$30,000 and US$100,000 for critical flaws found in Intel software, firmware and hardware respectively.

Eligible Intel products include its processors and microcode read-only memory.

Chipsets, field-programmable gate arrays, networking and communications devices, motherboards and solid state storage from Intel are also eligible. 

Intel said "coordinated disclosure is widely regarded as the best way to responsibly protect customers from security exploits" as it minimises the risk of vulnerability information becoming publicly known before mitigations are available.

The company has struggled with its response to the Meltdown and Spectre hardware flaws, and was forced to withdraw its initial microcode patches after customer reports of system instability and spurious reboots.