OnePlus starts bug bounty program with rewards between $50 and $7,000

OnePlus has opened a bug bounty program. The company has had to deal with several security incidents in recent times. The company offers a program through HackerOne that allows security researchers to earn between $50 and $7,000.

The responsible disclosure program can be found on the OnePlus website. For the program, the company works together with HackerOne, a well-known platform where several companies have their rd program running. The program is intended to “detect security incidents early,” OnePlus said in a forum post. The website features a Hall Of Fame featuring the three most important researchers of that month.

OnePlus has five different rewards, which increase as the leak gets worse. The amounts range from $50 to $1500 in the first four categories. In addition, there is a category for ‘special cases’ with which researchers can earn $7,000, or about EUR 6,300. It is not known what the exact requirements are to fall within a specific category. It is also not clear what exactly a ‘special case’ is. The company has set up a few rules that are pretty standard for a bug bounty program. Researchers are not allowed to spam or conduct a DoS attack, and there are a few exceptions where no reward applies.

The bug bounty program is partly due to a number of security problems that OnePlus has had in recent times. A month ago, names, addresses and phone numbers of OnePlus buyers were leaked, and 40,000 credit card details were stolen from the company in 2018. OnePlus does not specify whether the bug bounty program applies to its website, or just its phones.