OnePlus offers up to $7,000 in new bug bounty programme

OnePlus Global Security Response Centre to engage academics and security professionals to responsibly discover, disclose and re-mediate issues that could affect the security of OnePlus’ systems.

OnePlus is to offer a bug bounty offering up to $7,000 USD to security experts who discover and report potential threats to OnePlus’ systems. The company has also partnered with HackerOne, a hacker-powered security platform as part of its efforts to better protect users from cyber threats.

OnePlus Global Security Response Centre will engage academics and security professionals to responsibly discover, disclose and re-mediate issues that could affect the security of OnePlus’ systems and will help OnePlus proactively counter potential external threats to user security, OnePlus said in a statement.

Security researchers around the world can proactively search for and report OnePlus-related security issues through the new bug bounty programme.

uk iptv

“Rewards for qualifying bugs reports will range from $50 USD to $7,000 USD, depending on the potential impact of the threat,” the company said.

Security researchers are encouraged to report any potential threats to the OnePlus official website, OnePlus Community forums and OnePlus applications. Reports will be reviewed by OnePlus technical experts.

“OnePlus truly values the privacy of all information our customers entrust to us. The two projects demonstrate OnePlus’ commitment to protect our users’ data through more secure systems and data lifecycles,” OnePlus founder and CEO Pete Lau said.

The partnership with HackerOne will help tap into an extensive network of security experts to surface the most relevant security vulnerabilities before they can be exploited by external actors.

The HackerOne collaboration will start as a pilot programme inviting select researchers to test out OnePlus’ systems against potential threats. A public version of the programme is slated to go live later in 2020. All invited researchers will submit their reports through HackerOne.