In November, One Plus announced its second data breach in two years. To that end, the handset maker has pledged to launch the Deworming Bounty program by the end of 2019 to enhance community trust and its own security. Today, the company officially announced the Deworming Bounty program, which results in a $7,000 reward for researchers who submit bugs. If you find a bug or vulnerability, you can register an account and submit it to the authorities.
(From: OnePlus, via TheVerge)
Interestingly, the company’s Security Response Center (OneSRC) also has a Hall of Fame that highlights the top three contributors each month.
The level of bounty currently defined is as follows:
Special case: up to $7000;
Severity: $750 to $1500;
Advanced: $250 to $750;
Medium: $100 to $250;
Minimum: $50 to $100.
The company will judge the severity of the vulnerability and its impact on the actual business, isaid. The company also partnered with HackerOne.
In November, One Plus said it would work with a world-renowned security platform, and now it’s known that the other side is HackerOne.
The partnership began with a pilot program to invite some security researchers to test a one-plus system.
A public version of the program will be officially launched in 2020.
In January 2018, a security vulnerability affecting up to 40,000 customers was announced, resulting in the theft of customer credit card information.
As for the second data breach in November 2019, a plus indicates that some customers’ names, contact numbers, email and shipping addresses have been exposed. Fortunately, payment and account information remains secure, but the company did not specify how many customers were affected.