Digital hardware enthusiasts know that vulnerabilities or bugs are often found in operating systems, processors, and various software (including browsers). Tech giants like Microsoft, Google, Intel, and AMD take these issues very seriously and have all launched bounty programs.
A “bounty program” is a fund established by companies to encourage third-party security researchers and regular users to report any discovered vulnerabilities. Once verified, the reporter is given a monetary reward.
Recently, AMD, in collaboration with Intigriti, launched a new bounty program (Figure 2), encouraging third-party security researchers, hackers, and the public to submit vulnerabilities or bugs found in AMD products through the Intigriti platform for a cash reward.
Intigriti, a third-party security company headquartered in Belgium and founded in 2016, aims to provide companies with a reliable platform to find and resolve security vulnerabilities in their networks and applications.
Through the Intigriti platform, companies can post security challenges or tasks, inviting security experts to test and submit vulnerability reports. Security experts are rewarded for finding and reporting potential vulnerabilities. Intigriti also provides vulnerability management tools to help organizations track the remediation process and ensure the continuous security of their systems, making it a well-respected third-party security research institution.
The reward amount provided by AMD is not fixed and depends mainly on the type and severity of the reported vulnerability, categorized into three types and four levels.
The “three categories” refer to vulnerabilities at the software, firmware, and hardware levels. The “four levels” are low, medium, high, and critical.
For software vulnerabilities, the reward amounts for low, medium, high, and critical levels are $500, $1,500, $5,000, and $10,000, respectively.
For firmware vulnerabilities, the reward amounts for low, medium, high, and critical levels are $1,000, $3,000, $9,000, and $15,000, respectively.
For hardware vulnerabilities, the reward amounts for low, medium, high, and critical levels are $2,000, $5,000, $15,000, and $30,000, respectively. For more details, please refer to the above figure.
AMD states that in addition to submitting vulnerabilities through the Intigriti platform, the public can also submit directly to AMD, but this submission method does not guarantee a reward. Once the reported vulnerability is verified and confirmed by AMD, the company may acknowledge the contributor in a security bulletin.
Overall, this is good news, mainly targeting third-party security researchers with technical expertise, allowing them to earn rewards by submitting vulnerabilities. Additionally, regular users can also keep an eye on AMD’s software and hardware. AMD places no restrictions on the identity of the submitter, and as long as the reported vulnerabilities and bugs are genuine, rewards will be granted.
Disclaimer: This article is created by the original author. The content of the article represents their personal opinions. Our reposting is for sharing and discussion purposes only and does not imply our endorsement or agreement. If you have any objections, please contact us through the provided channels.