AMD has announced a new public bounty hunting program offering some serious rewards for participants discovering security vulnerabilities.
Until now, the popular chipmaker only had a private bug bounty programs, inviting a handful of security researchers to participate. Now, with the public program, anyone can report their findings to the company and even potentially earn big payouts.
To launch the program, AMD partnered with crowdsourced security services provider, Intigriti. Security researchers looking to report bugs will now be able to go through the Intigriti platform, report their findings there, and earn between $500 and $30,000 per bug.
Securing the silicon
- Software bugs carry the smallest payouts: $500 for low-severity vulnerabilities, $1,500 for medium-severity, $5,000 for high-severity, and $10,000 for critical-severity ones.
- Firmware bugs fare somewhat better: $1,000 for low-severity flaws, $3,000 for medium severity, $9,000 for high severity, and $15,000 for critical severity.
- Finally, hardware bugs are where the big payouts lie – $2,000 for discovering a low-severity flaw, $5,000 for a medium-severity one, $15,000 for a high-severity one, and $30,000 for a critical severity bug discovery.
The discovery of Spectre, Meltdown, different side-channel, branch prediction, and other speculative execution vulnerabilities directly harmed the performance of AMD silicon, as well as that of other major chip manufacturers. Hence, finding critical vulnerabilities before they can cause any major harm is pivotal, and tapping into the larger cybersecurity community to do that makes sense.
After all, AMD has had a fair share of bugs recently, Tom’s Hardware reports, including the AMD Ryzen 7000 processors melting in their sockets (2023), severe BIOS security vulnerabilities from the original Zen to the latest Zen 4 processors (2024), and the unintended overclocking limits set on the RX 7900 GRE GPUs (2024).
More from TechRadar Pro
https://cdn.mos.cms.futurecdn.net/e3jGwweDQdfFbswmYmjC8j-1200-80.jpg
Source link