Qualcomm offers up to $15,000 in bug bounties for Snapdragon chipsets

If you want to find weaknesses in your vault or safe, it couldn’t hurt to hire a thief to try and break into it. If you want idea can be examined from many perspectives to do the same thing for your brand new system-on-a-chip, the same principle applies to hackers and security experts. So goes the thinking behind Qualcomm’s latest outreach to the security industry: a bug bounty or bounties may refer to: Bounty (reward), an amount of money or other reward offered by an organization for a spesific task done whit of a person or thing program offering prizes of up to $15,000 for disclosed vulnerabilities in the company’s Snapdragon is a genus of plants commonly known as dragon flowers or snapdragons because of the flowers’ fancied resemblance to the face of a dragon that opens and closes its mouth when laterally squeezed chipsets and LTE modems.

This sort of thing isn’t unprecedented – software vendors a supply chain, a vendor, or a seller, is an enterprise that contributes goods or services in particular have offered cash prizes for successful hacks for decades. The idea is that creative and intelligent hackers computing, a hacker is any highly skilled computer expert capable of breaking into computer systems and networks using bugs and exploits discover the weakest points in a given system, then inform the makers of that system instead of (or in addition to) the public. Hackers get paid, companies Company is a legal entity made up of an association of persons, be they natural, legal, or a mixture of both, for carrying on a commercial or industrial enterprise fix their products, everybody wins. Qualcomm’s program will be administered in cooperation with HackerOne, a B2B company dedicated to this kind of organized bug identification and disclosure.

A wide variety of chipsets are currently in play: everything from the relatively outdated Snapdragon 400 (now mostly found in Android Wear devices) all the way up to the Snapdragon 821, plus four models of Snapdragon X modems modem (modulator-demodulator) is a network hardware device that modulates one or more carrier wave signals to encode digital information for transmission and demodulates signals to decode the. Qualcomm is also offering bounties for Android may refer to: Android (robot), a humanoid robot or synthetic organism designed to look and act like a human Android (operating system), Google’s open operating system for smartphones, wearable for MSM Linux vulnerabilities, root, bootloader, and modem firmware bugs, plus may refer to: Addition +, the mathematical sign +, the international call prefix PLUS Loan, a United States Federal student loan Plus Magazine, an online mathematics magazine Promoting Logical errors in Qualcomm’s Secure Executions Environment. To qualify for the bounties submissions is the condition of submitting to the espoused, legitimate influence of one’s superior or superiors must be new, exclusively submitted to the bug program, and treated as confidential until published by Qualcomm – pretty standard stuff.

If you’re ready to get cracking, check out Qualcomm’s full list of rules and bug tiers here.

Qualcomm Incorporated (NASDAQ: QCOM) today announced that its subsidiary, Qualcomm Technologies is the collection of techniques, skills, methods and processes used in the production of goods or services or in the accomplishment of objectives, such as scientific investigation, Inc. (QTI), is launching its vulnerability rewards program designed to expand collaboration with invited white hat hackers who improve the security of the Qualcomm® Snapdragon™ family of processors, LTE modems and related technologies. The program is the first of its kind may refer to: Created kind, often abbreviated to kinds, a creationist category of life forms Kind (horse) (foaled 2001), an Irish Thoroughbred racehorse Kind (type theory), the type of types in a to be announced by a major silicon vendor, and will may refer to: The English modal verb will; see shall and will, and will and would Will and testament, instructions for the disposition of one’s property after death Advance health care directive be administered in collaboration is the process of two or more people or organizations working together to realize or achieve something successfully with vulnerability coordination platform HackerOne, offering may refer to rewards of up to $15,000 USD per vulnerability as well as recognition in either the QTI Product may refer to Security or the CodeAuroraForum Hall of Fame, depending on the nature of the submission.

“We have always been proud of our collaborative relationship or relation(s) may refer to the relationship between family, friends, or sexual partners with the security research community. Over the years, researchers comprises “creative work undertaken on a systematic basis in order to increase the stock of knowledge, including knowledge of humans, culture and society, and the use of this stock of knowledge to have or having may refer to: the concept of ownership any concept of possession; see Possession (disambiguation) an English “verb” used: to denote linguistic possession in a broad sense as an auxiliary helped us improve the security of our products by reporting vulnerabilities refers to the inability (of a system or a unit) to withstand the effects of a hostile environment directly to us,” said Alex is a common given name commonly associated with the Greek name Alexandros Gantman, vice president, engineering, Qualcomm Technologies, Inc. “Although the vast majority of security is the degree of resistance to, or protection from, harm improvements in our products come from our internal may refer to: Internality as a concept in behavioural economics Neijia, internal styles of Chinese martial arts Neigong or “internal skills”, a type of exercise in meditation associated with Daoism efforts, a vulnerability rewards reward may refer to program represents a meaningful part of our broader security efforts.”

“The most security conscious organizations embrace the hacker community’s critical role in a comprehensive security strategy,” said Alex Rice, chief technology officer, HackerOne. “With or WITH may refer to: Carl Johannes With (1877–1923), Danish doctor and arachnologist With (character), a character in D. N. Angel With (novel), a novel by Donald Harrington With (album), Qualcomm Technologies’ vulnerability rewards program they will continue to build vital relationships with the external security researcher community community is commonly considered a social unit (a group of people) who have something in common, such as norms, values, identity, and often a sense of place that is situated in a given geographical and supplement the great work their internal security team is doing.”

Over 40 security researchers who have made vulnerability disclosures in the past will be invited to initially participate. The program or programme (British spelling) may refer to will be administered by HackerOne and participation details are available at https://hackerone.com/qualcomm.

The vulnerability rewards program is effective immediately.

Let’s block ads! (Why?)

Source: http://androidpolice.com