The Intel Security Center now has a new page that describes Intel’s Bug Bounty Program:
Intel® launches its first bug bounty program
Intel® Bug Bounty Program
At the CanSecWest Security conference on March 14, 2017, Intel launched its first Bug Bounty program targeted at Intel Products. We want to encourage researchers to identify issues and bring them to us directly so that we can take prompt steps to evaluate and correct them, and we want to recognize researchers for the work that they put in when researching a vulnerability. By partnering constructively with the security research community, we believe we will be better able to protect our customers.
Scope and Severity Ratings
Intel Software, Firmware, and Hardware are in scope. The harder a vulnerability is to mitigate, the more we pay
Vulnerability Severity Intel Software Intel Firmware Intel Hardware
Critical Up to $7,500 Up to $10,000 Up to $30,000
High Up to $2,500 Up to $5,000 Up to $10,000
Medium Up to $1,000 Up to $1,500 Up to $2,000
Low Up to $500 Up to $500 Up to $1,000
A few details on items that are not in the program scope:
Intel Security (McAfee) products are not in-scope for the bug bounty program.
Third-party products and open source are not in-scope for the bug bounty program.
Intel’s Web Infrastructure is not in-scope for the bug bounty program.
Recent acquisitions are not in-scope for the bug bounty program for a minimum period of 6 months after the acquisition is complete.