AMD has partnered with a cybersecurity firm to launch its own bug bounty program with rewards spanning from $500 up to $30,000. AMD has partnered with Intigrity, a crowdsourced security service provider that currently has over a hundred employees in four countries and thanks to additional funding is now expanding further.
Per Intigrity:
“Founded in 2016, Intigriti now has a global team of 100+ employees spread across Belgium, the United Kingdom, the Netherlands, and South Africa. And with the backing of our recent Series B Funding, we’re planning on taking our growth to the next level.”
Scope of AMD Bug Bounty Program (per Intigrity):
“Thank you for your interest in the AMD Bug Bounty Program
The AMD Bug Bounty Program is a collaboration between AMD and the research community. AMD believes that collaboration with security researchers and promoting security research is an important step in helping to improve the security of AMD products. We encourage security researchers to work with us to help mitigate and coordinate the disclosure of potential security vulnerabilities and look forward to working with you!
Eligible AMD branded products and technologies that are in scope of the Program:
3rd Gen AMD EPYC™ Processors (“Milan”)
-Includes AMD EPYC 7xx3, 7xx3X
4th Gen AMD EPYC™ Processors (“Genoa”)
-Includes AMD EPYC 9xx4, 9xx4X
AMD Ryzen™ 7000 Series Mobile Processors with Radeon™ Graphics (“Rembrandt-R”, “Dragon Range”, “Mendocino”, “Phoenix”)
-Includes AMD Ryzen 7020, 7035, 7040, 7045, Athlon™ Gold 7220U, Athlon™ Silver 7120U
AMD Radeon RX 7000 Series (“Navi 3x”) (Latest available version)
AMD Radeon PRO W7000 Series (“Navi 3x”) (Latest available version)
Xilinx Runtime (XRT) (Latest available version)
Bootgen (Latest available version)
Pensando Policy & Security Manager (PSM) (Latest available version)
Please refer to Developer Central for more information.
NOTE: You must purchase/obtain any AMD products on Your own.”
Bounties and rules
Those wanting to join in the hunt need to register with Integrity and make sure to read the scope, code of conduct, terms and conditions, and the lengthy amount of details regarding reporting compliance. AMD has already had to post an update that it had to reject a number of early submissions because they were outside the scope of the program and therefore ineligible so all details for the program must be noted before sending any submissions.