Qualcomm Bug Bounty Offers Up to $15,000 To Unearth Snapdragon SoC And Modem Exploits

Qualcomm is opening up a "vulnerability awards program," otherwise known as a bug bounty, in hopes that white hat hackers will root out security flaws in its Snapdragon family of processors, LTE modems, and related technologies, the company announced today. While rewarding security researchers for hunting bugs isn't new, Qualcomm points out that this is the first of its kind by a major silicon vendor.

The mobile chipmaker is handing over administration duties to HackerOne with rewards of up to $15,000 per vulnerability up for grabs. Researchers may also find motivation by potential recognition in either the QTQ Product Security or the CodeAuroraForum Hall of Fame, depending on the submission.

Qualcomm

"We have always been proud of our collaborative relationship with the security research community. Over the years, researchers have helped us improve the security of our products by reporting vulnerabilities directly to us," said Alex Gantman, vice president, engineering, Qualcomm Technologies, Inc. "Although the vast majority of security improvements in our products come from our internal efforts, a vulnerability rewards program represents a meaningful part of our broader security efforts."

For now the program is by invite only, with over 40 security researchers who have made vulnerability disclosures in the past getting first dibs. Reward amounts are based on the severity of the vulnerability. Here's how they break down:

Critical
  • Software Category: Cellular modem - Reward: $15.000
  • Software Category: TEE - Reward: $9.000
  • Software Category: Bootloader - Reward: $9.000
  • Software Category: Application processor software and all other qualified components - Reward: $8.000
High
Software Category: Cellular modem - Reward: $5.000
Software Category: TEE - Reward: $5.000
Software Category: Bootloader - Reward: $5.000
Software Category: Application processor software and all other qualified components - Reward: $4.000
Medium
  • Software Category: All qualifying components - Reward: $2,000
Low
  • Software Category: All qualifying components - Reward: $0-$1,000
These run the gamut from remote code execution vulnerabilities (critical) to security flaws that do not directly cause harm to the user or device (low).

Via:  Qualcomm
Show comments blog comments powered by Disqus