Samsung Bug Bounty Program
Written by Lucy Black   
Thursday, 14 September 2017

Samsung has announced a Mobile Security Rewards Program with rewards of up to $200,000 on offer for discovering and reporting vulnerabilities in its mobile devices and services.

The bug bounty program covers all of Samsung's Galaxy mobile devices that are currently receiving monthly and quarterly security updates, which gives a total of 38 devices, although this may vary by region. It also extends to Samsung Mobile Services, including Bixby, Samsung Account, Samsung Pay and Samsung Pass.

According to the press release from Samsung, the Mobile Security Rewards Program is being introduced after a pilot was launched in January 2016 to:

ensure an efficient and productive public introduction to the broader security community.


The four levels of severity to which Samsung assigns vulnerabilities, Critical, High, Moderate and Low, are very similar to those in Google's Android Security Program.

Google offers up to $200,000 for a report that includes an exploit leading to TEE (TrustZone) compromise. A similar sum was billed as the top reward on offer from Apple when it launched an invitation-only bounty program last year.

The cash on offer from Samsung seems to be equivalent and, as with Google and Apple, the amount of payment for any bug reported is at the discretion of the company. Samsung states:

Depending on the severity level of the vulnerability, the rewards amount will range between USD $200 and USD $200,000 for qualified Reports. Please understand that no reward will be given to Reports with No Security Impact.

and also stipulates that the security risk and impact of a reported bug:

will be decided by Samsung's internal evaluation in its sole discretion.

The other conditions that need to be borne in mind are:

If the Report does not include a valid Proof-of-Concept, the qualification of rewards will be decided according to reproducibility and severity of the vulnerability, and the rewards amount may be reduced significantly.

Higher rewards amount will be offered for vulnerabilities with greater security risk and impact, and even higher rewards amount will be offered for vulnerabilities that lead to TEE or Bootloader compromise. On the other hand, rewards amount may be significantly reduced if the security vulnerability requires running as a privileged process.

Having another bounty program sounds like good news for security researchers and also for end users of Galaxy devices who can be more confident that their phones are less likely to pose dangerous security risks.

 


 

More Information

Samsung Mobile Security

Rewards Program 


Last Updated ( Thursday, 14 September 2017 )
 
 

   
Copyright © 2017 i-programmer.info. All Rights Reserved.