Qualcomm launches Snapdragon, modem bug bounty program

ZDNet

Qualcomm has launched a bug bounty program to entice researchers to submit reports on security flaws in Snapdragon processors, LTE modems, and hardware.

The program, administered by HackerOne, was announced on Thursday and is, Qualcomm says, the “first of its kind” to be announced by a major silicon vendor.

Qualcomm’s vulnerability rewards program focuses on the Snapdragon processor range, used to power mobile devices such as smartphones and tablets, alongside LTE modems and “related technologies.”

Details are thin on the ground at the moment in relation to what types of security flaw Qualcomm is particularly interested in, but on the bug bounty’s page, the company asks researchers to submit details in their reports including vulnerability types — such as buffer overflow or integer overflow bugs — and the potential impact of a problem, such as remote code execution or information leaks.

In addition, Qualcomm asks researchers to provide affected product and version lists, instructions on how to reproduce attacks, and proof-of-concept (PoC) examples.

Researchers can earn up to $15,000 for valid security flaws and will also be given accolades through Qualcomm’s QTI Product Security or the CodeAuroraForum Hall of Fame.

“The most security conscious organizations embrace the hacker community’s critical role in a comprehensive security strategy,” said Alex Rice, chief technology officer of HackerOne. “With Qualcomm Technologies’ vulnerability rewards program, they will continue to build vital relationships with the external security researcher community and supplement the great work their internal security team is doing.”


The program is not yet open to all participants, however. While Qualcomm works out the finer details, approximately 40 researchers who have approached the firm in the past with vulnerability disclosures will be invited to join in, and earn rewards from today.

Qualcomm says the company hopes to patch disclosed flaws and vulnerabilities within 90 days.

In August, Panasonic launched a bug bounty program focused on the company’s avionics technologies; in particular, in-flight entertainment systems.
