Introducing the Arm Bug Bounty program

Arm is the AI platform for everyone. AI models and data are valuable, so the journey to AI everywhere involves a strong commitment to security. Devices are more connected due to distributed workloads and heterogeneous compute. This increases the number of potential attack surfaces for bad actors. Arm’s Security Development Lifecycle, relentless architectural innovation, and product security incident response team (PSIRT) ensure risk is reduced throughout the development and delivery of Arm-based products.

The global security community is built upon a rich understanding of today’s complex technology landscape, where new risks are discovered by independent and highly skilled individuals. Arm recognises the talent of this community and invites it to participate in its bug bounty program, helping accelerate the identification and resolution of new risks before they are exploited.

The Arm Bug Bounty program, run in partnership with Intigriti, begins by inviting skilled security researchers to look at the software and firmware for Arm's Mali and Immortalis GPUs. This is an independent extension of Arm’s existing collaborative security testing with partners, such as the assessment of a GPU implementation running on millions of Android devices worldwide. Whilst validation takes place as part of Arm's Security Development Lifecycle, a bug bounty enables ethical hackers to explore their own methodologies. This additional level of testing can therefore deliver diverse perspectives that make Arm-based systems more secure throughout their lifecycle. Over time, the bug bounty scope will increase beyond GPUs, encompassing more of Arm’s technology.

Those wishing to participate can apply to join the program now by signing up here:

Join the Arm Bug Bounty program (Intigriti login needed)

The bug bounty program is one of many security initiatives taking place at Arm. Two recent examples include: 

1. Arm has achieved its first ISO 21434 certification with Maturity Level 3. ISO/SAE 21434 is an international standard focused on automotive cybersecurity, providing guidelines for securing electronic systems in road vehicles against cyber threats throughout their lifecycle. Read more here.
2. Arm is part of the Open-Source Security Foundation, which formalizes cybersecurity standards and compliance frameworks. The initiative will support maintainers, manufacturers, and open-source steward prepare for the implementation of the EU Cybersecurity Resilience Act (CRA), with Arm contributing to the development of solutions that ensure cybersecurity in open-source software. More information can be found here.  

If you are interested in being part of our ongoing commitment to security, join our team.

For more on Arm’s systematic approach to product security, visit our webpage.

Arm's Systematic Approach to Product Security