Unfortunately, as soon as you hear the word “bribe”, you will find that Intel’s name somehow interacts with that word and the reason is the long and endless history of the twisted ways Intel uses in its field. Recently there was a problem with the security hole that hit the Intel processors, and we talked about that news through this link. We touched on the essential details about it.
On the other hand, we found that one of the parties that are following such security holes is talking about what Intel has done with it, knowing that Intel could not keep up with those leaks to announce the problem on May 14. Security researchers at the University of Vrije Universiteit Amsterdam claim that Intel has tried to bribe them financially to keep them informed about the latest security vulnerabilities that have hit its modern central processing called RIDL.
Dutch site Nieuwe Rotterdamsche Courant reported in his report that Intel had offered researchers a $ 40,000 reward to reduce the severity of the vulnerability and ignore its mention of followers, and supported its first offer with an additional $ 80,000 offer as a form of seduction. Surprisingly, the team of a group of researchers in the field of security and protection rejected all the packages, to belong answer to Intel … cannot buy everyone with money!
Intel’s vulnerability security program aims to expand its ability to influence those around them so that the speed of reporting such dangerous security holes is faster and handled better while not causing much of a fuss. “Do you remember what happened with the loopholes? Security Specter and Meltdown? And how it caused a great embarrassment for Intel? “ Add to that Intel increases the rewards that will be awarded to researchers in the field of security only for those who find new flaws.
However, there is a downside to Intel’s program. According to one of its clauses, once the recipient has accepted the award for disclosure, he enters into a non-disclosure agreement with Intel, not to disclose what has been found or talk about it to any other person or entity except with Individuals licensed by Intel.
With this step and with this, Intel can mitigate the damage as it spreads among all, making it able to fix security vulnerabilities quietly detected. On many occasions, Intel has spoken in defence of its policy that the vulnerability information that becomes widespread before it can be addressed will give unfortunate people the chance to design and deploy malicious programs that exploit this vulnerability. This talk from Intel was not convincing to researchers at VU, so Intel was forced to detect the RIDL security vulnerability with updates to be made.
This information is published up to Intel than a quick response called them, we have contacted Intel to those sources said next to them, “We (Intel) believe that working with researchers security gaps skilled across the world is an essential part of identifying and mitigating security vulnerabilities that occur. One of the ways we engage with researchers is through our security vulnerabilities program. We provide an overview, clear schedule with the presentation of the bonus hunting program requirements of security vulnerabilities through our website. “