Samsung Bug Bounty Program
Written by Lucy Black   
Thursday, 14 September 2017

Samsung has announced a Mobile Security Rewards Program with rewards of up to $200,000 on offer for discovering and reporting vulnerabilities in its mobile devices and services.

The bug bounty program covers all of Samsung's Galaxy mobile devices that are currently receiving monthly and quarterly security updates, which gives a total of 38 devices, although this may vary by region. It also extends to Samsung Mobile Services, including Bixby, Samsung Account, Samsung Pay and Samsung Pass.

According to the press release from Samsung, the Mobile Security Rewards Program is being introduced after a pilot was launched in January 2016 to:

ensure an efficient and productive public introduction to the broader security community.


Samsung assigns vulnerabilities to four levels of severity (Critical, High, Moderate and Low), which are very similar to those in Google's Android Security Program.

Google offers up to $200,000 for a report that includes an exploit leading to TEE (TrustZone) compromise. A similar sum was billed as the top reward on offer from Apple when it launched an invitation-only bounty program last year.

The cash on offer from Samsung seems to be equivalent and, as with Google and Apple, the amount of payment for any bug reported is at the discretion of the company. Samsung states:

Depending on the severity level of the vulnerability, the rewards amount will range between USD $200 and USD $200,000 for qualified Reports. Please understand that no reward will be given to Reports with No Security Impact.

and also stipulates that the security risk and impact of a reported bug:

will be decided by Samsung's internal evaluation in its sole discretion.

The other conditions that need to be borne in mind are:

If the Report does not include a valid Proof-of-Concept, the qualification of rewards will be decided according to reproducibility and severity of the vulnerability, and the rewards amount may be reduced significantly.

Higher rewards amount will be offered for vulnerabilities with greater security risk and impact, and even higher rewards amount will be offered for vulnerabilities that lead to TEE or Bootloader compromise. On the other hand, rewards amount may be significantly reduced if the security vulnerability requires running as a privileged process.

Having another bounty program sounds like good news for security researchers and also for end users of Galaxy devices who can be more confident that their phones are less likely to pose dangerous security risks.

 


More Information

Samsung Mobile Security Rewards Program

Last Updated ( Thursday, 14 September 2017 )
 
 

   
Copyright © 2018 i-programmer.info. All Rights Reserved.