OnePlus announced the launch of two new initiatives to better protect users from cyber threats. Firstly, the new OnePlus Security Response Center will offer a bug bounty to security experts who discover and report on potential threats to OnePlus’ systems. Secondly, a new partnership with HackerOne, a renowned hacker-powered security platform, will tap into their extensive network of security experts to surface the most relevant security vulnerabilities before they can be exploited by external actors.
Pete Lau, CEO and Founder of OnePlus, said, “OnePlus truly values the privacy of all information our customers entrust to us. The two projects demonstrate OnePlus’ commitment to protect our users’ data through more secure systems and data lifecycles.”
OnePlus Security Response Center
The global OnePlus Security Response Center will engage academics and security professionals to responsibly discover, disclose and remediate issues that could affect the security of OnePlus’ systems, and will help OnePlus proactively counter potential external threats to user security. Security researchers around the world can proactively search for and report OnePlus-related security issues through the new bug bounty program. Rewards for qualifying bugs reports will range from $50 to $7,000, depending on the potential impact of the threat.
Security researchers are encouraged to report any potential threats to the OnePlus official website, OnePlus Community forums and OnePlus Applications. Reports will be reviewed by OnePlus technical experts.
Security professionals are invited to visit security.oneplus.com for the terms of the full program and a standardized form for reporting security issues.
Joining Hands with HackerOne
The collaboration with HackerOne will enable OnePlus to gain insight from top security researchers, academic scholars and independent experts to better uncover potential threats to OnePlus’ systems.
The HackerOne collaboration will start as a pilot program, inviting select researchers to test out OnePlus’ systems against potential threats. A public version of the program is slated to go live later in 2020.
All invited researchers will submit their reports through HackerOne.