Samsung pays up to $200,000 in bug bounty program
To improve the security of their products, many high profile tech companies have introduced bug bounty programs. The rewards can be pretty substantial, depending on the severity of the bug and the quality of the report, as Samsung's first such initiative focused on its mobile devices proves.
Called the Mobile Security Rewards Program, Samsung's bug bounty program will pay researchers up to $200,000 for finding security vulnerabilities in its mobile devices and related software.
"As a leading provider of mobile devices and experiences, Samsung recognizes the importance of protecting users’ data and information, and prioritizes security in the development of each of its products and services," says Samsung. "As part of our commitment to security, Samsung is proud to work in close partnership with the security research community to ensure that all of our products are monitored closely and continually for any potential vulnerabilities."
Researchers wanting to take part in the Mobile Security Rewards Program will have 38 mobile devices as their target -- handsets that currently receive security updates on a monthly or quarterly basis from Samsung, like the Galaxy S8 and Galaxy S7.
Samsung says that its Mobile Services suite is also part of the Mobile Security Rewards Program's focus. It includes apps and services like Bixby, Samsung Account and Samsung Pay. Researchers are advised to test on the latest version of the software they are analyzing.
Any bug reports that are submitted will be evaluated by Samsung. The lowest reward is $200, and it is for a low-severity bug. The level of severity is determined by Samsung, and the same goes for the reward.
There are no estimates for the reward based on the level of risk or the quality of the report, so it is not exactly clear how much researchers can expect to get paid for a low, moderate, high or critical bugs. The $200,000 reward is, quite likely, only offered in case of outstanding critical bugs (that are likely also accompanied by a solid proof of concept.)