| Product | Software Asset Manager |
|---|---|
| Location | https://api.intel.com |
| Description | Unified software update mechanism to keep intel software asset secure and up to date in timely and intel-controlled manner. |
| Product | Lantern Rock |
|---|---|
| Location | * analytics.intel.com |
| Location | *.telemetry.intel.com |
| Description | Lantern Rock provides a telemetry and analytics solution to Intel developed software. Instrument your software to gain insights into user behavior, trends and patterns. |
| Product | Neural Object Cloning |
|---|---|
| Location | *.neuralobjectcloning.api.intel.com |
| Location | https://github.com/intel-sandbox/gfxresearch.neural-reflectance-spaces |
| Description | Neural object cloning enables creating high-quality 3D assets using a simple API for everyone. Intel's innovative 3D reconstruction technology streamlines the creation of 3D content, making it as straightforward as recording a video with your phone. Read more: link |
These are a few of many Service products that is available for bounties.
| Product | Telemetry Based Validation |
|---|---|
| Location | https://crowdsource.tbvex.net |
| Description | Operational hosting for CSPV debug and triage used by TBV team. |
| Product | Endpoint Cloud Services |
|---|---|
| Location | vprofleet.intel.com |
| Description | Enable ISV/OEM partners through a set of API's to expand their product offering to include endpoint management and insight services. |
| Product | Intel Device Health |
|---|---|
| Location | *.endpointcloudservices.intel.com |
| Description | Intel® Device Health (IDH) is an innovative service from Intel providing IT up to date information on risks affecting their environments due to unpatched systems. The IDH service will initially be available as an integrated data feed within Aterntity’s Digital Experience Endpoint Management (DEM) Software. |
These are a few of many Service products that is available for bounties.
| Product | Intel Geti SaaS |
|---|---|
| Location | https://app.geti.intel.com/ |
| Location | https://www.intel.com/content/www/us/en/developer/tools/tiber/edge-platform/model-builder.html |
| Description | Intel Geti is a no-code SW application developed by Intel which enables subject matter experts (SME) to solve their problems using machine learning, without any prior machine learning experience. The application can be accessed by the customer either using an interactive web UI, or through an API. |
| Note | Intel Single-Sign On is used for the authentication is managed by Intel IT and not eligible for bounties. Any reports on Intel SSO sent to the Intel® Bug Bounty Program will be forwarded to external.security.research@intel.com on your behalf and closed as informative. |
This is one of many Service products that is available for bounties.
| Product | Intel Edge Software Hub |
|---|---|
| Location | *.edgesoftware.intel.com |
| Description | Download pre-validated software to learn, develop, and test your solutions for the edge. The Edge Software Hub is an online capability for ODMs and ISVs to generate install and validation scripts for various software components from Intel and third-party. See also link |
This is one of many Service products that is available for bounties.
| Product | Intel Quality Center |
|---|---|
| Location | https://www.qualitycenter.intel.com |
| Description | A web application that allows the automation of compliance testing and platform validation. |
This is one of many Service products that is available for bounties.
| Product | AI Software Catalog |
|---|---|
| Location | *.aiswcatalog.intel.com |
| Description | Choose from a broad range of solutions designed to simplify and accelerate your AI development timeline, from training and optimization to deployment. Our catalog includes specialized tools and frameworks optimized for RAG implementations, ensuring you have the resources needed to build cutting-edge AI applications that leverage the latest in retrieval-augmented generation technology. |
This is one of many Service products that is available for bounties.
| Product | Cloud Provisioning Service |
|---|---|
| Location | *.ekop.intel.com |
| Location | *.proseqa.intel.com |
| Location | *.proserv.intel.com |
| Description | Certificate provisioning service for digital certificates. |
| Note | Vulnerabilities present in multiple development branches/environments will not be marked separate issues. |
| Product | Cloud Signing Service |
|---|---|
| Location | *.mtls.css-prod.intel.com |
| Location | *.pss.intel.com |
| Location | *.css-prod.intel.com |
| Location | *.css-prev.intel.com |
| Description | General purpose cloud signing capability for signing digital certificates and other cryptographic payloads. |
| Note | Vulnerabilities present in multiple development branches/environments will not be marked separate issues. |
These are a few of many Service products that is available for bounties.
| Product | Simics Cloud |
|---|---|
| Location | *.workloadmgr.intel.com |
| Location | *.simicsservice.intel.com |
| Location | https://simicsservice.intel.com |
| Location | https://test.workloadmgr.intel.com |
| Description | Web application for managing Xeon workloads to run on various Intel-managed compute clusters. |
| Note | Intel SSO is used for the authentication is managed by Intel IT and not eligible for bounties. Any such reports sent to the Intel® Bug Bounty Program will be forwarded to external.security.research@intel.com on your behalf and closed as informative. |
| Note | Costs incurred by researchers associated with testing will not be refunded by the Intel® Bug Bounty Program. |
This is one of many Service products that is available for bounties.
Intel Bug Bounty Program Expands to Include Services
Intel is excited to announce a significant expansion of its Bug Bounty Program with the inclusion of Services as a new product category within the program's scope. This strategic enhancement underscores Intel's unwavering commitment to security and its proactive approach to identifying and mitigating potential vulnerabilities across its diverse product portfolio.
Effective May 28th, security researchers and ethical hackers are invited to scrutinize Intel's service offerings, including cloud services, software-as-a-service (SaaS) platforms, and other related service-based solutions. By broadening the scope of the Intel(R) Bug Bounty Program, Intel aims to leverage the expertise of the global security community to ensure the highest standards of security and reliability for its customers.
Participants who identify and responsibly disclose vulnerabilities in Intel's services will be eligible for rewards matching the severity and impact of their findings. This initiative not only enhances the security of Intel's services but also fosters a collaborative environment where researchers can contribute to the safety and integrity of cutting-edge technologies.
The launch campaign for this expansion will take place from May 28th through the middle of July. For more details on participation and submission guidelines, please visit the Intel Bug Bounty Program webpage.
Bounty Rewards
| Severity | Reward |
|---|---|
| Exceptional | $ 5,000 |
| Critical | $ 5,000 |
| High | $ 2,500 |
| Medium | $ 750 |
| Low | $ 250 |
Featured SaaS Products
During the launch campaign, we will feature a variety of SaaS products that are included in this expanded program scope. Watch the program announcements page and subscribe to email updates to be the first to hear as we announce SaaS products that are included in this campaign.
Each week, we will announce one or more products included in this campaign. Every featured product will be eligible for rewards! This is a unique opportunity for security researchers to focus their efforts on specific SaaS offerings and potentially earn significant rewards for their contributions. Stay tuned for weekly updates and make sure to participate in this exciting expansion of the Intel Bug Bounty Program.
Notes
Vulnerabilities reported in Intel infrastructure and IT elements that are not part of Intel SaaS products are excluded from this program and launch campaign. While vulnerabilities found in these areas are still valuable, they continue to remain excluded from eligibility for rewards. Instead, these reports will be passed to the External.Security.Research@intel.com team and closed as Informative to receive a neutral rating against the Impact and Validity statistics for your personal profile. We encourage participants to continue reporting all findings, as every contribution helps enhance the overall security of Intel's ecosystem.
The Intel® Bug Bounty Program is strictly scoped to cover products and services that are branded, supported and distributed by Intel. If you are unsure if something is related to a Service or IT Infrastructure, we can help answer that for you; please submit a report or send us an email.
Intel Tiber AI Cloud - This product and all supporting components are excluded from the launch campaign.
Coordinated Vulnerability Disclosure - Intel will generally not include vulnerabilities in Service products in our published Security Advisories (SA). SAs are used for vulnerabilities that meet the requirements for Common Vulnerability Enumeration (CVE) numbering; Services vulnerabilities are not eligible for CVEs. If a vulnerability report will receive a CVE and be included in an SA, you will be notified as usual through your report. After vulnerabilities are mitigated and disclosed by Intel, you are eligible to disclose.
All FPGA products previously developed by Intel are moving under Altera as part of the business separation and are excluded from the Intel® Bug Bounty Program scope and eligibility. Starting Jan 1 2025, please report any vulnerabilities to Altera through www.altera.com/security/psirt.html. Some exceptions may apply for products which remain solely under the Intel® brand and which will continue to be distributed by and supported by Intel. This change will go into effect January 1, 2025. All submissions prior to this date will be reviewed by Intel, any submissions after this date will be evaluated for ownership and directed to the appropriate PSIRT.
For more information about the Altera separation, see news release.