Chip vendor Qualcomm has a bug bounty programme in a bid to improve the security of its Snapdragon family of processors, LTE modems and related technologies. Qualcomm claims the programme to be one of the first from a major silicon vendor.
Security researchers can find vulnerabilities with rewards of up to $US 15,000 (£12,000) per vulnerability as well as recognition in either the QTI Product Security or the CodeAuroraForum Hall of Fame, depending on the nature of the submission.
Program Rules
Hardware - Vulnerabilities affecting the following chip set families are in scope:
Software Category: Cellular modem - Reward: $15.000
Software Category: TEE - Reward: $9.000
Software Category: Bootloader - Reward: $9.000
Software Category: Application processor software and all other qualified components - Reward: $8.000
Security Rating: High
Software Category: Cellular modem - Reward: $5.000
Software Category: TEE - Reward: $5.000
Software Category: Bootloader - Reward: $5.000
Software Category: Application processor software and all other qualified components - Reward: $4.000
Security Rating: Medium
Software Category: All qualifying components - Reward: $2.000
Security Rating: Low
Software Category: All qualifying components - Reward: $200-$1.000
Security researchers can find vulnerabilities with rewards of up to $US 15,000 (£12,000) per vulnerability as well as recognition in either the QTI Product Security or the CodeAuroraForum Hall of Fame, depending on the nature of the submission.
Program Rules
Hardware - Vulnerabilities affecting the following chip set families are in scope:
- Snapdragon 400
- Snapdragon 615
- Snapdragon 801
- Snapdragon 805
- Snapdragon 808
- Snapdragon 810
- Snapdragon 820
- Snapdragon 821
- Snapdragon 835
- Snapdragon X5 Modem
- Snapdragon X7 Modem
- Snapdragon X12 Modem
- Snapdragon X16 Modem
- Linux kernel code that is part of "Android for MSM"
- Privileged user space programs (i.e. running as root or system)
- Bootloader (all boot stages)
- Cellular modem
- WLAN and Bluetooth firmware
- Qualcomm Secure Execution Environment (QSEE) on TrustZone
Rewards
Security Rating: CriticalSoftware Category: Cellular modem - Reward: $15.000
Software Category: TEE - Reward: $9.000
Software Category: Bootloader - Reward: $9.000
Software Category: Application processor software and all other qualified components - Reward: $8.000
Security Rating: High
Software Category: Cellular modem - Reward: $5.000
Software Category: TEE - Reward: $5.000
Software Category: Bootloader - Reward: $5.000
Software Category: Application processor software and all other qualified components - Reward: $4.000
Security Rating: Medium
Software Category: All qualifying components - Reward: $2.000
Security Rating: Low
Software Category: All qualifying components - Reward: $200-$1.000
Post A Comment:
0 comments: