Chip vendor Qualcomm has a bug bounty programme in a bid to improve the security of its Snapdragon family of processors, LTE modems and related technologies. Qualcomm claims the programme to be one of the first from a major silicon vendor.

Security researchers can find vulnerabilities with rewards of up to $US 15,000 (£12,000) per vulnerability as well as recognition in either the QTI Product Security or the CodeAuroraForum Hall of Fame, depending on the nature of the submission. 

Program Rules

Hardware - Vulnerabilities affecting the following chip set families are in scope:
  • Snapdragon 400
  • Snapdragon 615
  • Snapdragon 801
  • Snapdragon 805
  • Snapdragon 808
  • Snapdragon 810
  • Snapdragon 820
  • Snapdragon 821
  • Snapdragon 835
  • Snapdragon X5 Modem
  • Snapdragon X7 Modem
  • Snapdragon X12 Modem
  • Snapdragon X16 Modem
Software components
  • Linux kernel code that is part of "Android for MSM"
  • Privileged user space programs (i.e. running as root or system)
  • Bootloader (all boot stages)
  • Cellular modem
  • WLAN and Bluetooth firmware
  • Qualcomm Secure Execution Environment (QSEE) on TrustZone



Rewards
Security Rating: Critical
Software Category: Cellular modem - Reward: $15.000
Software Category: TEE - Reward: $9.000
Software Category: Bootloader - Reward: $9.000
Software Category: Application processor software and all other qualified components - Reward: $8.000

Security Rating: High
Software Category: Cellular modem - Reward: $5.000
Software Category: TEE - Reward: $5.000
Software Category: Bootloader - Reward: $5.000
Software Category: Application processor software and all other qualified components - Reward: $4.000

Security Rating: Medium
Software Category: All qualifying components - Reward: $2.000

Security Rating: Low
Software Category: All qualifying components - Reward: $200-$1.000

Post A Comment:

0 comments: