GREAT NEWS FOR HACKER TYPES who like to take money from their victims: Intel has launched its very first bug bounty program and Microsoft has opened one for Office Insiders.
As an outsider it's hard to get enthused, but people who make money from this kind of thing will be glad to hear that while Intel took its time, it is offering some decent cashola.
Intel launched its program at the HackerOne conference, which a lot of companies also do, and its top whack payout is a decent $30,000. Before you get too excited, the program does not apply to Intel Security products, or McAfee stuff if you prefer.
"Intel Software, Firmware, and Hardware are in-scope. The harder a vulnerability is to mitigate, the more we pay," said Intel as it stood waving a wad of cash in everyone's direction.
"Intel considers several factors when determining the severity of a vulnerability. Our first step is to use the CVSS 3.0 calculator to compute a base score. The base score is then adjusted up or down based on the security objectives and threat model for the given product."
Of course, the biggest money goes towards the most critical of vulnerabilities. Here you can get $7,500 for a software bug, $10,000 for firmware, and $30,000 for hardware. Low-risk threats are worth $1,000, a least according to Intel.
"Individuals across the globe can receive monetary rewards for submitting security vulnerabilities found in Microsoft Office Insider slow build shipping on the latest, fully patched version of Windows. Office Insider preview updates are delivered to customers in different rings. For the bounty program, we request you submit bugs on the Office Insider Preview slow ring" said the firm,
"Qualified submissions may be eligible for payment from a minimum of $500 USD to $15,000 USD, and bounties will be paid out at Microsoft's sole discretion based on the quality and complexity of the vulnerability. Certain submissions may be eligible for bounties of more than $15,000."
The money might be lower but there is a deadline here that might make the Microsoft option more enticing. The crack cash opportunity only lasts from 15 March to 15 June so you'd better get, um, cracking if you want a piece. µ
Siri-powered speaker will start shipping on 9 February
Staffers are at risk of falling victim to spear phishing attacks
But you probably won't be able to afford it
Squash one bug and another pops up in its place, or so it would seem