OnePlus Announces Paid Bug Bounty Program
A few weeks ago, OnePlus suffered a data breach that exposed the private data of some of its users. As a part of the remedial measures, OnePlus said that it would announce a bug bounty program to tighten its website security.
The first OnePlus bug bounty program is run by the company itself. Named the OnePlus Security Response Center, the bounty program will pay out anywhere from $50 to $7,000 for each security bug researchers can find within Oxygen OS, the OnePlus official website, OnePlus Community forums and other OnePlus applications.
Just about anyone with a functional OnePlus account and an internet connection can report vulnerabilities. You'll need to submit a form on the OnePlus website describing the problem and demonstrate your bug. Lastly, it has to be original and not submitted on any platform. You can find out more about the terms and conditions of the program here. Contributors will be paid anything between $50 to $7,000, depending on how big the threat is.
OnePlus has also collaborated with security firm HackerOne
Apart from its in-house bug bounty program, OnePlus has also partnered with a well-known security platform called HackerOne. Unlike the first program, this one is a bit more exclusive. Only a few chosen researchers affiliated with the company will test out OnePlus products for security flaws. The program is expected to go live sometime next year.
Considering the number of security flaws OnePlus has had over the years, it is high time that the company takes security seriously. OnePlus' Bug Bounty is a start, but the payout is rather paltry. If someone finds a potentially dangerous flaw in the system, they stand to gain more out of selling that information to third-parties for a much higher price.
OnePlus is undoubtedly an excellent smartphone manufacturer and deserves all the accolades for that, but it cannot come at the cost of compromised security. This decade has been host to some of the most outrageous thefts of data we've ever witnessed. OnePlus is, and will be, a prime target for hackers as it is a treasure trove of personal information, thanks to its worldwide popularity.