What is Project Circuit Breaker?
Project Circuit Breaker is a community that fosters and develops new security research on Intel products. This may present itself in many different forms, such as “Show and Tell” videos, live hacking events, Capture the Flag events, immersive training events, and blog and social media conversations.
How is this different than the general Intel® Bug Bounty Program ?
We encourage anyone who has found a potential vulnerability in any Intel product to report through the existing open Bug Bounty Program. More info about how to submit a vulnerability can be found here. Our security response team will work with you to evaluate reported submissions and determine whether the potential vulnerability is eligible for a bounty payment, according to Intel’s Bug Bounty terms and conditions.
In addition to paying out bounties for novel vulnerabilities according to our general Bug Bounty Program, there are some areas we are interested in exploring further to accelerate security. That is why we are expanding the Bug Bounty Program to create this community of security researchers to partner with Intel engineers on some special projects. Project Circuit Breaker will offer bounty kickers, training opportunities, and special limited access to Intel engineers and products.
However you choose to participate, happy sleuthing and thank you for helping us improve cyber security.
What training is available?
We are still developing content as you read this. Keep checking back for unique training opportunities and activities.
How will the researchers be recognized for their findings?
If, during a hosted event, a researcher identifies a security issue, we ask that they comply with coordinated vulnerability disclosure practices and the Project Circuit Breaker Rules of Engagement and Code of Conduct. Intel intends to publicly disclose security vulnerabilities in accordance with our regular Product Security Incident Response Team (PSIRT) process. More information on this process can be found here. Further, Intel may invite the researcher to create a “Show and Tell” session explaining the findings to be published on Intel owned websites or social media.
Will there be awards and swag?
Yes, we love awards and swag. These will vary by event, but we aim to publicly acknowledge, award, and deck out our researcher participants.
Can I mention this program on social media?
Sure you can. @IntelSecurity is the best account to use; Project Circuit Breaker doesn’t have a social presence at this time but you can tag the program using #ProjectCircuitBreaker. You may also mention @Intel if you like. If you have criticisms, we ask that you contact us privately first to allow the opportunity for us to converse, understand, and improve on your experience.
Why should I participate in ‘x’ event?
- Exclusive access to collaborate with and learn from Intel’s product and security teams
- Receive training that will help you research on brand new Intel products
- Earn bounties on a product that is not currently available for testing to all bug bounty researchers
- A limited number of researchers from around the world will be chosen for the training
- Bounty multipliers, recognition, awards, and swag will be available for participants
When will the event take place and how long will it last?
Each event will be scaled to specific needs; most events will operate for two to six months. See the event-specific page for more details.
How much time will be required of me?
During events, Intel will provide training sessions which are developed to include 1 to 3 hours of material and will be delivered, on average, 2 to 3 times per month. The product and/or environment will remain available for the entire duration of the event, allowing for as much hacking and security research as participants want.
How will this event take place?
The majority of most events will take place virtually. Training and interactive sessions will be hosted through video conferencing software. Participants will be given access to a physical or virtual Intel product and/or environment for hacking; write-ups will be submitted to the designated platform. See the event-specific page for more details.
How can I get invited to participate in an event?
Please check back for upcoming events. We will be sure to post instructions for events that are open to the general community. As we grow and learn we would like to host several different types of live hacking, immersive training, Capture the Flag and other events per year.
In the meantime, we invite you to join our general Bug Bounty Program where you can report bugs found in any eligible technology. You can register here.
Are there events open to all security researchers?
We are working on some exciting new Capture the Flag events and other activities where we plan on issuing an open call for participants. Stay tuned for more information.
Why limit the number of participants?
Every event offered by Project Circuit Breaker will have certain limits that come with it. Per-event limits enable the Project Circuit Breaker team to host more events spanning more products and overall engaging more security researchers (and hopefully finding more security vulnerabilities).
Will a non-disclosure agreement (NDA) be required?
Probably. See the event-specific page for details.
What will the NDA limit?
As little as possible. More details about the limits imposed by the NDA will be shared to participants during each event. Some information presented during an event may be proprietary to Intel and therefore must be protected. Each event is developed in conjunction with the open and continuous Intel® Bug Bounty Program and all findings submitted will be governed by a similar set of rules.
Participant Eligibility Criteria
All criteria must be met in order to participate in Project Circuit Breaker.
- You are reporting in your individual capacity or, if you are employed by a company or other entity and are reporting on behalf of your employer, you have your employer’s written approval to submit a report to Project Circuit Breaker
- You are at least 18 years of age, and, if considered a minor in your place of residence, you have your parent’s or legal guardian’s permission prior to reporting
- You are not a resident of a U.S. Government embargoed country
- You are not on a U.S. Government list of sanctioned individuals
- You are not currently nor have been an employee of Intel Corporation, or an Intel subsidiary, within 6 months prior to participating in this event
- You are not currently nor have been under contract to Intel Corporation, or an Intel subsidiary, within 6 months prior to participating in this event