“Depending on the threat level of a reported bug, security professionals could be rewarded anywhere from $50 (~Rs 3,500) to $7000 (~Rs 5 lakh)”
As promised in November this year, OnePlus has officially announced its very own bug bounty program. After the company revealed that there was yet another data breach in November, a bug bounty program was said to arrive soon. OnePlus has partnered with HackerOne and announced the OnePlus Security Response Centre. This new program is aimed at improving the security of online products such as the OnePlus online store. The main purpose of the OnePlus Security Response Centre is to offer security professionals a place to submit bugs, for which they will be rewarded up to $7,000 (~Rs 5 lakh).
Security experts can head over to the OnePlus Security Response Centre website and submit their bug reports. Any security researcher can look for bugs and loopholes on OnePlus’ systems, which can be exploited by hackers. OnePlus revealed that based on the threat level of a bug, the security professionals will receive rewards from $50 (~Rs 3,500) up to $7,000 (~Rs 5 lakh). After a bug is submitted to the website, the forums, or via applications, a team of technical experts will review the bug reports.
The OnePlus Security Response Centre website shows that the rewards would be given as per certain tiers. For example, special cases will receive up to $7,000 (~Rs 5 lakh), Critical cases will receive between $750 (~Rs 54,000) to $1,500 (~Rs 1,07,000), high impact cases will receive $250 (~Rs 18,000) to $750 (~Rs 54,000), medium threat cases will get $100 to $250, and low threat level bugs will receive $50 (~Rs 3,500) to $100 (~Rs 70,000). The reward will be based on how severe the vulnerability is and the impact it will have on business.
The complete terms and conditions for the program is available at security.oneplus.com, along with a form for submitting security bug reports. The announcement also included the news about OnePlus partnering with HackerOne. This partnership will mean that OnePlus will receive information on security and threats from the experts from HackerOne, which is a well-known security company. The experts at HackerOne aim to find the bugs before other hackers can exploit them. The collaboration with HackerOne will also go public next year, whereas it is currently a pilot program with only invited researchers.