
Intel Tried to Bribe Dutch University to Suppress Knowledge


Cybersecurity researchers at the Vrije Universiteit Amsterdam, also known as VU Amsterdam, allege that Intel tried to bribe them to suppress knowledge of the latest processor security vulnerability, RIDL (rogue in-flight data load), which the company made public on May 14. Dutch publication Nieuwe Rotterdamsche Courant reports that Intel offered to pay the researchers a USD $40,000 “reward” to allegedly get them to downplay the severity of the vulnerability, and backed its offer with an additional $80,000. The team politely refused both offers.

Intel’s security vulnerability bounty program is shrouded in CYA agreements designed to minimize Intel’s losses from the discovery of a new vulnerability. Under its terms, once a discoverer accepts the bounty reward, they enter into an NDA (non-disclosure agreement) with Intel, agreeing not to disclose their findings or communicate in that regard with any person or entity other than certain authorized people at Intel. With public knowledge withheld, Intel can work on mitigation and patches against the vulnerability. Intel argues that knowledge of vulnerabilities becoming public before it has had a chance to address them would give the bad guys time to design and spread malware that exploits the vulnerability. This is an argument the people at VU weren’t willing to buy, and thus Intel is forced to disclose RIDL even as microcode updates, software updates, and patched hardware are only beginning to come out.

Update (17/05): An Intel spokesperson commented on this story.

Intel contacted us with a statement on this story pertaining to the terms of its bug bounty program:

“We [Intel] believe that working with skilled security researchers across the globe is a crucial part of identifying and mitigating security vulnerabilities. One of the ways we engage with researchers is through our bug bounty program. We provide a clear overview of our bug bounty program requirements, eligibility and award schedule on our website.”


