OnePlus, a global mobile company, announced today the launch of two new initiative to protect users from cyber threats.
The new OnePlus Security Response Centre will offer a bug bounty to security experts who discover and report on potential threats to OnePlus' systems. The new partnership with HackerOne, a renowned hacker-powered security platform, will tap into their extensive network of security experts to surface the most relevant security vulnerabilities before they can be exploited by external actors.
"OnePlus values system security and the privacy of all customer information that has been entrusted to us," said Pete Lau, CEO and Founder of OnePlus. "The two projects demonstrate OnePlus' commitment to create more secure systems and data lifecycles."
OnePlus Security Response Centre
OnePlus Security Response Centre will engage academics and security professionals to responsibly discover, disclose and remediate issues that could affect the security of OnePlus’ systems, and will help OnePlus proactively counter potential external threats to user security. Security researchers around the world can proactively search for and report OnePlus-related security issues through the new bug bounty program. Rewards for qualifying bugs reports will range from US$50 to US$7,000, depending on the potential impact of the threat.
Security researchers are encouraged to report any potential threats to the OnePlus official website, OnePlus Community forums and OnePlus Applications. Reports will be reviewed by OnePlus technical experts.
Security professionals are invited to visit security.oneplus.com for the terms of the full program and a standardised form for reporting security issues.
Joining Hands with HackerOne
The collaboration with HackerOne will enable OnePlus to gain insight from top security researchers, academic scholars and independent experts to better uncover potential threats to OnePlus’ systems.
The HackerOne collaboration will start as a pilot program, inviting select researchers to test out OnePlus’ systems against potential threats. A public version of the program is slated to go live later in 2020.
All invited researchers will submit their reports through HackerOne.