"Intel Paid Out Over $4.1 Million via Bug Bounty Program Since 2017"

Intel has reported recently that it has paid out more than $4.1 million through its bug bounty program since its creation in 2017.  Intel noted that, on average, between 2018 and 2021, they paid $800,000 through its bug bounty program each year for vulnerabilities discovered in the company's products.  In 2022, it awarded $935,000.  Intel says a total of 243 vulnerabilities were reported in 2022, roughly the same as in the previous three years.  Intel noted that more than half of the 2022 vulnerabilities were found internally by them, and 90 security flaws, representing 37% of the total, were reported via its bug bounty program.  The company engaged 151 researchers last year, more than double compared to the previous three years.  Intel stated that most of the vulnerabilities were discovered in Intel software, processors, and network communications products.  Only two issues were assigned a "critical" severity rating, but 79 were classified as having "high" severity.  Intel has helped create a hardware common weakness enumeration (CWE) list, and 19 of the hardware vulnerabilities addressed last year were assigned to 13 hardware CWEs. 

SecurityWeek reports: "Intel Paid Out Over $4.1 Million via Bug Bounty Program Since 2017"