Intel Expands Its Bug Bounty Program with Project Circuit Breaker

“Bug bounty programs are a powerful tool to continuously improve the security of our products,” said Tom Garrison, vice president and general manager of Client Security Strategy & Initiatives at Intel.

With Project Circuit Breaker, Intel is expanding its Bug Bounty program, bringing together a community of skilled hackers to seek defects in firmware, hypervisors, GPUs, chipsets, and more. Project Circuit Breaker would broaden and deepen Intel’s open Bug Bounty program by organizing timed events on specific new platforms and technologies, giving training, and allowing for greater hands-on cooperation with Intel engineering employees.

Photo Katie Noble, director, Intel Product Security Incident Response Team (PSIRT) and Bug Bounty
“We invest in and host bug bounty programs because they attract new perspectives on how to challenge emerging security threats,” said Katie Noble, director, Intel Product Security Incident Response Team (PSIRT) and Bug Bounty.

“Project Circuit Breaker is possible thanks to our cutting-edge research community. This program is part of our effort to meet security researchers where they are and create more meaningful engagement,” said Katie Noble, director, Intel Product Security Incident Response Team (PSIRT) and Bug Bounty. “We invest in and host bug bounty programs because they attract new perspectives on how to challenge emerging security threats – and Project Circuit Breaker is the next step in collaborating with researchers to strengthen the industry’s security assurance practices, especially when it comes to hardware. We look forward to seeing how the program will evolve and to introducing new voices to the meaningful work that we do.”

Camping with Tigers, Project Circuit Breaker’s inaugural event, is already underway, with a group of 20 researchers receiving Intel Core i7 CPUs (previously known as ‘Tiger Lake’).

Camping with Tigers

Intel is establishing a community dedicated to providing security researchers with training, new hacking challenges, and opportunities to explore new and pre-release products, as well as new collaborations with Intel hardware and software engineers, through Project Circuit Breaker.

Camping with Tigers began in December and will conclude in May, with three milestones offering bounty multipliers for qualified vulnerabilities.

“Bug bounty programs are a powerful tool to continuously improve the security of our products,” said Tom Garrison, vice president and general manager of Client Security Strategy & Initiatives at Intel. “Camping with Tigers – our first event under Project Circuit Breaker – brings together world-class security researchers and our own product engineers to deepen testing and improve resiliency on our 11th Gen Intel Core processors. As we aim to develop the most comprehensive security features, we also realize the incredible value of deeper collaborations with the community to identify potential vulnerabilities and mitigate them for the ongoing improvement of our products.”

Intel’s Security Efforts

Project Circuit Breaker will be a complement to Intel’s existing open Bug Bounty Program, which compensates researchers for discovering new vulnerabilities in Intel-branded products and services. In 2021, 97 of 113 externally discovered vulnerabilities were disclosed through Intel’s Bug Bounty program, which aids Intel in identifying, mitigating, and disclosing vulnerabilities. Intel spends heavily in vulnerability management and offensive security research for the continual development of its products, as evidenced by its Security-First Pledge.

Intel hopes to establish a more varied and united security community through Project Circuit Breaker which will be better prepared to solve the industry’s most pressing security challenges. Since announcing the Bug Bounty program in 2018, Intel has been raising its security efforts by expanding its staff of security specialists and emphasizing industry engagement. Intel’s security professionals are active members of both the Bug Bounty Community of Interest and FIRST, a forum for vendors, bug bounty managers, and security researchers to share experience and best practices (Forum of Incident Response and Security Teams).