As the fallout continues around the Spectre and Meltdown security flaws, Intel is launching a new bug bounty program focused on side channel vulnerabilities similar to Spectre.
The company this week announced that the new program would run through to 31 December and that Intel will offer awards of up to US$250,000 for finding critical issues relating to side-channel vulnerabilities.
"Working closely with our industry partners and our customers, we encourage responsible and coordinated disclosure to improve the likelihood that users will have solutions available when security issues are first published," said Rick Echevarria, vice president and general manager of Platform Security at Intel, in a statement.
"Our Bug Bounty Program supports this objective by creating a process whereby the security research community can inform us, directly and in a timely fashion, about potential exploits that its members discover."
Also, Intel said that it was expanding its existing bug bounty program, announced in March 2017, so that the program is open to all security researchers instead of being invitation only. It is also raising bounty awards across the board, including increasing the top reward for critical hardware flaws in its regular bug bounty program from US$30,000 to US$100,000.
The Spectre and Meltdown security flaws, which were revealed in January and had impacted chips from multiple vendors, including Intel, AMD, and ARM. The defects, which account for three variants of a side-channel analysis security issue in server and PC processors, potentially could enable hackers to access protected data.
Intel has made substantial investments in security on the heels of Spectre and Meltdown, including the recent formation of an internal security group, the Intel Product Assurance and Security Group.
"We will continue to evolve the program as needed to make it as effective as possible and to help us fulfill our security-first pledge," said Echevarria in the statement. "We believe these changes will enable us to more broadly engage the security research community, and provide better incentives for coordinated response and disclosure that help protect our customers and their data."