Samsung has become the latest tech company to introduce a bug bounty program, announcing that it will pay rewards of up to $200,000 to anyone who discovers vulnerabilities in its products. Depending on the severity of the vulnerability, rewards will range between $200 and $200,000 for qualified security reports.
The Mobile Security Rewards Program basically covers 38 Samsung mobile devices that are still receiving monthly and quarterly security updates. The eligible devices include those in the Galaxy S, Galaxy Note, Galaxy A, Galaxy J, and Galaxy Tab series.
Samsung’s flagship devices, the S8, S8+, and Note 8, are also included. The company says it will also reward those who find vulnerabilities in Bixby, Samsung Pay, Samsung Account, Samsung Pass, and many other services.
Samsung’s bounty of $200,000 likely comes in at slightly lower than Microsoft’s $250,000 for Windows 10 security bugs. Facebook has also paid security researchers for finding bugs, while Google also runs a program. Apple also recently launched an invite-only program with rewards of up to $200,000. All these bounties have helped hackers make millions legally, while a single researcher has made $225,000 just by hacking browsers.
“The complete process of the rewards program from start to payout, the decision of severity level and the reward amount, and also terms and conditions, will be entirely determined and governed by Samsung. And the policy for the rewards program may also change without advance notice. We may also stop the rewards program at any time,” said Samsung.
Samsung has also specified that participants are not allowed to make reported vulnerabilities public until Samsung investigates them.
While that is likely the maximum the company is offering, the awards begin at $500, which, to put it in Microsoft’s words, will be given to “any critical or important class remote code execution, design flaws or elevation of privilege that compromises a customer’s security and privacy.”