Intel Bug Bounty Program
Collaborating with the Research Community
Product security is enhanced with more people looking. We have smart, talented engineers and researchers working internally—and we engage with some of the best and brightest external security researchers and academics across the globe to help us identify and mitigate security vulnerabilities in Intel products.
Our Bug Bounty Program encourages collaboration with the research community and incentivize researchers to report vulnerabilities in Intel products. Through the Bug Bounty program, Intel invites researchers to test specific targets, submit vulnerabilities, and get paid for their work. Intel’s Bug Bounty Program has grown and evolved significantly since launch in 2017, starting with a handful of select security researchers. In 2018, Intel moved to a Bug Bounty program available to all eligible members of the public and has now worked with over 250 researchers worldwide. In 2020, 105 of the 231 Common Vulnerabilities and Exposures (CVEs) Intel addressed were reported through the Bug Bounty program.
As with similar industry programs, the Intel Bug Bounty program is part of our broader Product Security Incident Response Team (PSIRT) program supporting our Coordinated Vulnerability Disclosure (CVD) process.
Reporting a Security Vulnerability
If you believe you've found a security vulnerability in an Intel product or solution, we encourage you to notify us through our Bug Bounty Program and work with us to mitigate and to coordinate disclosure of the vulnerability.
Watch this video, So You Found a Vulnerability, to find out what you can expect when participating in Intel’s Bug Bounty program.
Bug Bounty Process
Each security bug report is individually evaluated based on technical details to determine severity and next steps.
- Assessment: PSIRT ensures that all requested information has been provided for Triage. See the Reporting a Vulnerability page for a list of required information.
- Triage: A team of Intel product engineers and security experts determines if a vulnerability is valid and an eligible Intel product or technology is impacted.
- Vulnerability severity determination: PSIRT works with product security engineers and security experts to determine the severity and impact of a vulnerability.
Awards range from $500 up to $100,000, based on quality of the report, impact of a potential vulnerability, severity, delivery and quality of a proof of concept, and type of vulnerability.
Bug Bounty Eligibility
The program covers eligible Intel branded products and technologies maintained and distributed by Intel.
For full details, see the full list of Intel® Bug Bounty Program Terms.
Incentive Programs
Intel added a bonus incentive to focus on firmware and hardware within some Pentium®, Celeron®, and Intel Atom® processors.