OnePlus has introduced a new bug bounty programme and partnered with HackerOne to help improve its security efforts. The rewards for qualifying bug reports will range from $50 to $7,000 depending on the nature of the flaw. OnePlus says that it will engage with academics and security professionals to responsibly discover, disclose, and fix issues that could affect the security of OnePlus’ systems in the future. The company has separately partnered with HackerOne as well to proactively defend against threats.
With the increasing in phishing and hacking practices, OnePlus is proactively taking measures to prevent major security threats from potentially compromising user data. To this effect, it has introduced a new OnePlus Security Response Center that will engage with top security professionals and academics in the security industry to proactively scan, discover, and disclose any security threats in the OnePlus systems. This new authoritative body will ensure that a streamlined process is maintained by the researcher and OnePlus for seamless conversation to enable quick fixes for the discovered threat. As mentioned, the new OnePlus Security Response Center will offer bug bounty ranging from $50 to $7,000 to security experts who discover and report on potential threats to OnePlus’ systems through the new bug bounty programme.
If a security researcher finds a threat, they can report it to the OnePlus official website, OnePlus Community forums or OnePlus applications. OnePlus has also introduced a new dedicated site for security experts to submit vulnerability reports, read the terms of the full programme, and get the standardised form for reporting security issues. Technical experts at OnePlus will review the report and offer feedback accordingly
Separately, OnePlus has also partnered with renowned hacker-powered security platform HackerOne to tap into their extensive network of security experts to surface the most relevant security vulnerabilities before they can be exploited by external actors. This collaboration will start as a pilot programme, inviting select researchers to test out OnePlus’ systems against potential threats. The program will go public later in 2020. OnePlus looks to gain insight from top security researchers, academic scholars, and independent experts to help scan potential threats to OnePlus’ systems. These new proactive efforts from OnePlus are commendable, especially in times when unethical hacking practices are reported regularly. OnePlus is also efficient in rolling out security patches to its users, and was one of the first companies to bring Android 10 to its smartphone portfolio.