Notebookcheck Logo

OnePlus opens its own paid security-incident bounty program

OnePlus has opened its OneSRC. (Source: OnePlus)
OnePlus has opened its OneSRC. (Source: OnePlus)
The OnePlus Security Response Center (or OneSRC) is this OEM's first bug-bounty initiative. It offers cash incentives (in USD) to report deficiencies in its own software. They start from US$50, but go into 3 to 4 figures for the more severe vulnerabilities.

OnePlus has come a long way since it started up with a single phone 6 years ago. Now, it has unveiled its own paid bug-hunting initiative, OneSRC. This program, like those associated with other OEMs, offers cash in exchange for reports of unique vulnerabilities in its own software products.

Accordingly, this new scheme offers cash rewards for the discovery of security defects in code owned by OnePlus. The criteria under which reports can be filed include that they relate specifically to the incident types in question, and have never been documented elsewhere.

Admittedly, this OEM's new bounty program is not quite as extensive as those associated with other companies, such as Google's Android Security Rewards Program, which offers up to US$1000000 for the discovery of potential severe exploits that affect the Titan M security chipset. OnePlus' rewards, on the other hand, range from US$50 (for "low"-rated bugs) and go through $750-1000 (for "critical" incidents) all the way up to $7000 (for "special cases").

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2019 12 > OnePlus opens its own paid security-incident bounty program
Deirdre O Donnell, 2019-12-20 (Update: 2019-12-20)