Samsung's New Mobile Security Program Is Offering Cash For Bugs
Samsung has announced the upcoming launch of its new Mobile Security Rewards Program, a bug bounty program that offers cash in exchange for finding security issues with Samsung mobile products. The Korean company describes this as a 'vulnerability rewards program,' explaining that it hopes security researchers will task themselves with seeking out any potential issues with the company's mobile gadgets and/or their related software.
Samsung has steadily worked toward a more secure future for its mobile devices. Back in October 2015, for example, the company started pushing out security updates for its flagship mobile devices on a monthly basis. Following that, the company introduced a pilot for this rewards program in January of last year, ironing out all the wrinkles before this wider public launch.
All of Samsung's mobile devices that are receiving either monthly or quarterly security updates are covered by this security rewards program; there are 38 devices that meet this criteria, at the moment, though that may vary a bit depending on which market you're located in. Some Samsung Mobile Services are also covered by this, including Samsung Account/Pay/Pass and Bixby.
Individuals who find and submit bugs to Samsung will potentially get up to $200,000 in rewards. The amount given will depend on a few things, though, such as demonstrating proof of concept and also how severe the vulnerability is. Samsung has launched a page on its security website for this bug, detailing all of the fine print.
Notably, Samsung isn't interested in bugs that don't have a security impact, nor does it care about exploits that require a 'complex scenario' to pull off. The company is classifying bugs at severity levels ranging from low to critical, with the lowest reward amount being $200.
SOURCE: Samsung