OnePlus launches bug bounty programme, partners with HackerOne to enhance system security

OnePlus has launched two new initiatives to better protect users from cyber threats. The first one is a new OnePlus Security Response Center that will offer a bug bounty to security experts who discover and report on potential threats to OnePlus’ systems. The second one is a partnership with hacker-powered security platform HackerOne that will tap into the Chinese company’s network of security experts to mitigate security vulnerabilities.

‘OnePlus truly values the privacy of all information our customers entrust to us. The two projects demonstrate OnePlus’ commitment to protect our users' data through more secure systems and data lifecycles,’ Pete Lau, CEO and Founder of OnePlus, said in a statement.

OnePlus Security Response Center

OnePlus says that the global OnePlus Security Response Center will engage academics and security professionals to discover, disclose and remediate issues that could affect the security of OnePlus’ systems before they can be exploited by external actors. Security researchers can search for and report OnePlus-related security issues through the new bug bounty programme. Rewards for qualifying bugs reports will range from $50 (approx Rs 3,500) to $7,000 (approx Rs 4.98 lakh), depending on the potential impact of the threat.

The company has invited security professionals to visit security.oneplus.com for the terms of the full programme and a standardised form for reporting security issues. These researchers can report any potential threats to the OnePlus official website, OnePlus Community forums and OnePlus Applications. The reports will be reviewed by OnePlus technical experts and bugs bounty will be awarded accordingly.

OnePlus-HackerOne tie-up

The collaboration with HackerOne will enable OnePlus to gain insight from top security researchers, academic scholars and independent experts to better uncover potential threats to OnePlus’ systems. The HackerOne collaboration will start as a pilot programme in which select researchers will be invited to test out OnePlus’ systems against potential threats. OnePlus says that a public version of the programme is slated to go live later in 2020. ‘All invited researchers will submit their reports through HackerOne,’ OnePlus said.