Upto $30K : AMD to Reward ANYONE for Finding Bugs in Their Products

AMD has launched a bug bounty program, offering rewards of up to $30,000 for finding vulnerabilities in their products.

Introduction

AMD has partnered with Intigriti, a provider of crowdsourced security services, to introduce a new bug bounty program. Through the Intigriti platform, AMD rewards security researchers and ethical hackers who identify bugs in its hardware, firmware, or software with monetary incentives. AMD announces upto $30K for finding bugs in their products.

Here’s a breakdown of the rewards:

  • Software bugs: $500 to $10,000
  • Firmware bugs: $1,000 to $15,000
  • Hardware bugs: $2,000 to $30,000

If you’re interested in participating in the program, you can learn more about it on the AMD website https://hackerone.com/amd. The program is managed by Intigriti, a crowdsourced security services provider.

Follow us on Linkedin for everything around Semiconductors & AI

AMD bug bounty programs for Products

Previously, AMD operated a private bug bounty program limited to selected participants. With the expansion to the public, a broader range of experts now have the opportunity to contribute by uncovering potential issues within AMD’s products. Additionally, the diversity of testers involved may lead to findings from fields not traditionally included in AMD’s private testing.

Notably, AMD has faced bugs in its products such as the Ryzen 7000 processors experiencing socket melting in 2023, severe BIOS vulnerabilities spanning from the original Zen to the latest Zen 4 processors in 2024, and unintended overclocking limits on the RX 7900 GRE GPUs in 2024. Bug bounty programs play a crucial role in proactively identifying and addressing such vulnerabilities.

AMD’s rewards for bugs

Monetary rewards offered by AMD through the Intigriti platform vary based on the severity of the bug and the category of the affected product. Furthermore, successful bug bounty participants can expect rewards based on these criteria:

Bug severityLowMediumHighCritical
Hardware$2,000$5,000$15,000$30,000
Firmware$2,000$3,000$9,000$15,000
Software$500$1,500$5,000$10,000

Read more AMD MI300X Gets Microsoft Endorsement, Aims for 100x Efficiency Boost by 2027 – techovedas

Eligibility Requirements for Submissions:

Your submission may be rejected if it is missing any of the following information:

  1. The name(s) of the AMD product and/or technology and the respective version information.
    • You must clearly identify and consider the AMD product or technology you reference as an in-scope product at the time of your submission.
    • You must identify the vulnerability as original, one that you have not previously reported to AMD, nor publicly disclosed at the time of your submission.
  2. You must demonstrate that the potential vulnerability has been proven against the latest publicly available version of the product or technology in your submission.
  3. Detailed description of the potential security Vulnerability.
    • Your Submission should explain how exploitation of the potential Vulnerability can negatively impact confidentiality, integrity, and/or availability of the affected product(s).
  4. Proof-of-concept that details how to reproduce the potential security Vulnerability.
  5. Within 6 months prior to submitting a report, you were:
    • not an employee of AMD, or an AMD subsidiary.
    • not under contract to AMD, or an AMD subsidiary.
    • neither a family nor household member of any individual who currently meets or met the criteria listed in the two bullet points directly above.

Why do companies have bug bounty program?

Bug bounty programs are vital for tech companies, especially those with widely used products that could impact numerous customers. By engaging in bug bounty programs, companies like AMD can detect and address potential issues before they escalate into major concerns that could affect users significantly.

Other industry leaders like Intel also operate bug bounty programs such as Project Circuit Breaker, which encourages collaboration between community members and Intel staff to identify flaws in its products.

Read more Most Powerful Chips for business PCs: AMD Ryzen Pro CPUs Break the Mold – techovedas

himansh_107
himansh_107
Articles: 117