Intel Corporation

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Firmware OTHER high high high critical
- UEFI BIOS (Tiano core components for which Intel is only named maintainer) - Intel® Management Engine - Baseboard Management Controller (BMC) - Motherboard / System (e.g., Intel Compute Stick) - Solid State Drives
Hardware OTHER high high high critical
- Processor (inclusive of micro-code ROM + updates) - Chipset - FPGA - Networking / Communication - Motherboard / System (e.g., Intel Compute Stick, NUC) - Solid State Drive
Software OTHER high high high critical
- Device driver - Application - Tool

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Intel Freeware Applications OTHER none
Intel freeware applications are out of Scope. However, if you have a security vulnerability in an Intel freeware application, please send your report to the Intel Product Security Response Team (PSIRT) at secure@intel.com. Please remember to encrypt your report using the Intel PSIRT public key, which can be found at https://security-center.intel.com .
Intel Open/Prototyping Platforms OTHER none
Intel products intended for prototyping use or that are “open” in order to provide customers with debugging capability are out of Scope.
Intel's Web Infrastructure, i.e., *.intel.com OTHER none
Intel’s web infrastructure, i.e., website domains owned and/or operated by Intel, fall out of Scope. Please send security vulnerability reports against intel.com and/or related web presence to external.security.research@intel.com
Intel-Maintained Open Source Projects OTHER none
Intel-Maintained open source software projects fall out of Scope. Please see www.01.org/security for information on reporting security vulnerabilities in Intel-maintained open source projects.
McAfee Products OTHER none
Products of former Intel subsidiary McAfee fall out of Scope. Please send vulnerability reports against McAfee products to the McAfee product security team. For more information, visit https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx
Recent Acquisitions OTHER none
Recent acquisitions by Intel are out of Scope for the Bug Bounty program for a minimum period of 6 months after the acquisition is complete. If you have a security vulnerability in a product recently acquired by Intel, please send your report to the Intel Product Security Response Team (PSIRT) at secure@intel.com. Please remember to encrypt your report using the Intel PSIRT public key, which can be found at https://security-center.intel.com .
Third-Party Products OTHER none
Third-party products that do or do not contain Intel-branded products or technology fall out of Scope. However, if the issue is root-caused to an Intel-branded product or technology, please submit your report under the appropriate Scope type above. Please remember to encrypt your report using the Intel PSIRT public key, which can be found at https://security-center.intel.com .
Open Chassis Physical Attacks OTHER none
Submissions that require an attacker to physically open the case, including removing screws or breaking plastic casing (open chassis) to gain access to the internal hardware of a device are out of scope.