OnePlus opens its own paid security-incident bounty program
OnePlus has come a long way since it started up with a single phone 6 years ago. Now, it has unveiled its own paid bug-hunting initiative, OneSRC. This program, like those associated with other OEMs, offers cash in exchange for reports of unique vulnerabilities in its own software products.
Accordingly, this new scheme offers cash rewards for the discovery of security defects in code owned by OnePlus. The criteria under which reports can be filed include that they relate specifically to the incident types in question, and have never been documented elsewhere.
Admittedly, this OEM's new bounty program is not quite as extensive as those associated with other companies, such as Google's Android Security Rewards Program, which offers up to US$1000000 for the discovery of potential severe exploits that affect the Titan M security chipset. OnePlus' rewards, on the other hand, range from US$50 (for "low"-rated bugs) and go through $750-1000 (for "critical" incidents) all the way up to $7000 (for "special cases").