A few weeks back in November, OnePlus announced its second data breach in two years. It exposed the private data of some of its users. However, the company did not reveal exactly how many users were affected. With an aim to boost its cybersecurity to defend against threats proactively, OnePlus announced two new initiatives. The first initiative is the new OnePlus Security Response Centre will offer a bug bounty to security experts who discover and report on potential risks to OnePlus’ systems.
The second initiative, OnePlus has also partnered with a well-known security platform called HackerOne. Unlike the first initiative, this one is a bit more exclusive as in which selected security researchers will be invited to test against OnePlus’ systems. Only a few chosen researchers affiliated with the company will test out OnePlus products for security flaws. The program is expected to go live sometime next year.
CEO and founder of OnePlus, Pete Lau, said in a statement:
OnePlus truly values the privacy of all information our customers entrust to us. The two projects demonstrate OnePlus’ commitment to protect our users’ data through more secure systems and data lifecycles.
You can submit bug or vulnerability reports can on the OnePlus website, Community forums, and apps. After the submission, your reports will be reviewed by the company’s technical experts and security researchers. Contributors will be paid anything between $50 to $7,000, depending on how big the threat is.
Assessment and Rewards
OnePlus says, Reward tier is determined based on vulnerability severity and actual business impact.
- Special cases: up to $7,000
- Critical: $750 – $1,500
- High: $250 – $750
- Medium: $100 – $250
- Low: $50 – $100
Things To Know About OnePlus Bug Bounty
- OnePlus has launched a new bug bounty program that will pay up to $7,000 to security professionals who can discover and report potential threats to the company’s systems.
- Researchers can report any potential threats that they discover on the company’s official website.
- Along with the bounty program, OnePlus has also joined hands with HackerOne to discover security vulnerabilities before they can be exploited.