LightBlog

Thursday, November 17, 2016

Qualcomm Announces Bug Bounty Program

Bug bounty programs are by no means a new idea for the tech industry. They have proven to be highly successful for many companies, giving them opportunities to employ the power of the crowd to find critical bugs and flaws, and Qualcomm is now looking to get in on the fun too.

Qualcomm is launching their “vulnerability rewards program” with a specific focus on Qualcomm Snapdragon processors (such as the newly announced Snapdragon 835) and LTE Modems. Qualcomm is stressing that their bug bounty is unique and different from those of other major silicon vendors, in part because of their focus on the community. Not only will there be rewards of up to $15,000 USD per vulnerability, but Qualcomm will also be honoring members that make particularly interesting discoveries with recognition through QTI Product Security and/or CodeAuroraForum’s Hall of Fame, depending on the vulnerability in question.

The program will start off closed, with invitations going only to 40 security researchers who have previously disclosed vulnerabilities in Qualcomm products. If it proves to be successful, it may grow quickly and prove to be a major asset for Qualcomm.

Qualcomm’s bug bounty program will be administered with the HackerOne vulnerability coordination platform. For more details, visit http://ift.tt/2gjKVtX and http://ift.tt/2f3Bsl8.

And of course, there won’t be any need to wait to disclose bugs until everything gets set up, as the program is effective immediately.

This is a commendable initiative from Qualcomm, given that more and more exploits surface with every passing week. A rewards program not only gives them more eyes to examine their hardware and software stacks, it also gives security researchers and enthusiasts an incentive to keep putting the newest technologies and code to the test. The end beneficiary is the user, who enjoys a much safer and more secure mobile experience.



from xda-developers http://ift.tt/2gjK1gS
via IFTTT
