The company has announced their bug bounty initiative called Mobile Security Rewards Program. And as the name suggests, the program would shower cash on bug hunters who reveal security loopholes in Samsung’s range of mobile devices, mostly running the Android operating system.
Currently, there are 38 Samsung mobile devices – includes Galaxy S series, Note Series, A Series, J Series, and Tab series – covered under the program. These devices are receiving regular security updates since October 2015.
There are some software included as well, like, their voice assistant Bixby, Samsung Pay, Samsung Pass, etc. which are eligible for bug bounty submissions. Samsung says the eligible device must be running the latest available Android version and firmware.
The pilot for the rewards program was first introduced in January 2016. Samsung promises to shell out up to $200,000 per successful bug reported. However, things like the severity of the bug and whether the researcher can provide a proof-of-concept would affect the reward amount.
Samsung has created a new web page to provide further details about their Mobile Security Rewards program. Interested user can visit the same to read guidelines and submit vulnerability reports through a dedicated interface.
Bug bounties are a great medium for companies to find out critical flaws in their products. A benefit is they don’t have to make any recruitments. And all the effort is crowd-sourced; they only have to pay if the bug submission is approved.
On the other side, it’s also a unique cookie for security researchers and white hats. They can make money improving their bug finding skills. Companies like Google, Apple, Microsoft, etc. also have their respective bug bounty programs.
Visit Samsung Mobile Security page using this link.
What are your views on this? Drop your thoughts in the comments.