Qualcomm Technologies today announced its vulnerability rewards program designed to expand collaboration with invited white hat hackers who improve the security of the Qualcomm Snapdragon family of processors, LTE modems and related technologies. The program will be administered in collaboration with vulnerability coordination platform HackerOne, offering rewards of up to US$ 15,000 per vulnerability.
Eligibility to all vulnerability submissions:
- Vulnerabilities must be clearly attributable to Qualcomm Technologies and its affiliates.
- The issue identified in the submission must be exclusively communicated to QTI Vulnerability Rewards Program.
- The issue identified in the submission must be unknown to QTI.
- Only the first report of a vulnerability can qualify for a reward.
- Only confidential disclosures can qualify for a reward.
- All information related to the vulnerability must treated as confidential between you and Qualcomm during the coordinated disclosure time frame.
- Only individuals can qualify. We don’t reward companies or institutions.
- Employees of Qualcomm Technologies and its affiliates are not eligible for rewards.
Rewards
- Security Rating: Critical
- Software Category: Cellular modem – Reward: $15.000
- Software Category: TEE – Reward: $9.000
- Software Category: Bootloader – Reward: $9.000
- Software Category: Application processor software and all other qualified components – Reward: $8.000
- Security Rating: High
- Software Category: Cellular modem – Reward: $5.000
- Software Category: TEE – Reward: $5.000
- Software Category: Bootloader – Reward: $5.000
- Software Category: Application processor software and all other qualified components – Reward: $4.000
- Security Rating: Medium
- Software Category: All qualifying components – Reward: $2.000
- Security Rating: Low
- Software Category: All qualifying components – Reward: $0-$1.000
All researchers who receive rewards will become part of the QTI Product Security Hall of Fame or the CodeAuroraForum Hall of Fame, depending on the nature of the vulnerability.
Alex Gantman, vice president, engineering, Qualcomm Technologies, Inc. said:
We have always been proud of our collaborative relationship with the security research community. Over the years, researchers have helped us improve the security of our products by reporting vulnerabilities directly to us. Although the vast majority of security improvements in our products come from our internal efforts, a vulnerability rewards program represents a meaningful part of our broader security efforts.