24 December 2019
OnePlus has suffered two security breaches in two years, the most recent just last month. At the time of the latter, it also promised to start a bug bounty program with the goal of improving its cybersecurity. It has now delivered on that promise by announcing its official bug bounty program, named OnePlus Security Response Center (OneSRC), as well as a partnership with HackerOne, a renowned hacker-powered security platform.
Starting with OneSRC, it is a program under which OnePlus encourages anyone to discover and report security-related bugs in OnePlus' systems. The program is global, which means anyone can spot and report bugs to get rewarded. OnePlus says that it will offer rewards between $50 and $7,000 depending on the discovered bug's potential impact: the more critical a bug is, the higher the reward will be.
Here is a more detailed breakdown of the rewards:
- Special cases: up to $7,000
- Critical: $750–$1,500
- High: $250–$750
- Medium: $100–$250
- Low: $50–$100
OnePlus says that anyone can submit discovered bugs through its official website, Community forums or smartphone apps. All submitted bugs will be reviewed by its official technical experts. It has also set up a dedicated website for the program where interested parties can get detailed information, including a Monthly Hall of Fame section for the top contributors of the month.
As for the partnership with HackerOne, it will invite select security researchers from around the globe to test OnePlus' systems for any potential security risks. It will start with a pilot program, followed by a public version scheduled for release later in 2020.