pixel_dreams - Fotolia
Risk & Repeat: Intel bug bounty tackles side channel attacks
In this week's Risk & Repeat podcast, SearchSecurity editors examine Intel's new bug bounty for side channel attacks and what it says about Meltdown and Spectre.
Do chipmakers believe Meltdown and Spectre are true security vulnerabilities? A new Intel bug bounty program may provide an answer to that question.
Intel made several changes to its bug bounty programs last week, including the introduction of a temporary program for side channel attacks like Meltdown and Spectre. The new program, which runs throughout 2018, offers researchers up to $250,000 for new vulnerabilities that enable side channel attacks on Intel hardware and software.
Intel has been reluctant to describe Meltdown and Spectre as vulnerabilities in the past; official statements from the chipmaker have used terms such as security exploits and software analysis methods rather than referring to them as bugs or vulnerabilities. However, the new Intel bug bounty program may be a sign that the company has changed its view on the matter.
What does the new Intel bug bounty program say about Spectre and Meltdown? Will the new program be successful? How should the tech industry view side channel attacks like these for bug bounties? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.