Beginning its journey as a startup, OnePlus is currently one of the most favoured premium smartphone brands, especially millennials. And thus, it has attracted lots of favourable/unfavourable attention since its inception. This eventually led to a security breach in January 2018 exposing credit cards of 40,000 customers. Later, just a month ago, another breach exposed the names, emails, and shipping addresses of customers. However, this time around, the company did not reveal the number of casualties. Thus, OnePlus has now announced two bug bounty programs which will reward up to $7000.
The first of the two Bug Bounty Programs will be run by OnePlus itself dubbed as OnePlus Security Response Center. This program is open for all and interesting security researches can hunt for bugs or threats in OxygenOS, Oneplus Applications, OnePlus Community and official website. Potential threats can be submitted on the OnePlus Security Page and based on the severity of the threats, rewards will be awarded which are categorized as listed below.
- Special – up to $7000
- Critical – $750 – $1500
- High – $250 – $750
- Medium – $100 – $250
- Low – $50 – $100
On the other hand, the second Bug Bounty Program by OnePlus will be carried out by in partnership with HackerOne, a well-known security platform. But unlike the previous program, only selected HackerOne members will be eligible for this one as part of the pilot program. The company may open it to the public later next year.
Pete Lau, founder and CEO of OnePlus said, “OnePlus truly values the privacy of all information our customers entrust to us. The two projects demonstrate OnePlus’ commitment to protect our users’ data through more secure systems and data lifecycles,” while commenting on their Bug Bounty Programs.