In an interesting development, Samsung has launched its own bug bounty program. The South Korean company is paying as much as $200,000 to whoever discovers critical software vulnerability which would make it possible to compromise one of its devices.
The found vulnerabilities should affect Samsung Mobile devices, services, applications developed and signed by Samsung or third-party companies which are specifically developed for Samsung. All devices have to be fully up-to-date and the impacted services should be currently active.
The list of devices includes the most recent models, like the S8, S7, and Note 8, but also older models which were released in 2016, like the J3 and the A5. The Samsung Galaxy S6 is also included in the program.
“We take security and privacy issues very seriously; and as an appreciation for helping Samsung Mobile improve the security of our products and minimizing risk to our end-consumers, we are offering a rewards program for eligible security vulnerability reports,” Samsung says.
“Through this rewards program, we hope to build and maintain valuable relationships with researchers who coordinate disclosure of security issues with Samsung Mobile.”
The bounties start at $200. However, if your discover a way to breach a Samsung device without a physical connection to it, then Samsung isn’t offering a reward, though it is obvious that such a flaw will expose user data as well. Also, Samsung has stated that it won’t pay rewards for flaws which leads to an app crash without exploit.
You can check out the full terms of new bounty program here and go here if you’re already aware of an unpatched bug in Samsung devices that could qualify for a financial reward.
