QUALCOMM HAS become the latest company to offer a bug bounty, and it’s a biggie.
The chip company announced that the Vulnerability Rewards Programme will offer up to $15,000 for reports of vulnerabilities found in Qualcomm Snapdragon processors, LTE modems and their related technologies.
It's easy to forget that hardware has millions of lines of code that allow it to operate, and these are just as fallible as any other kind of software.
The programme, administered by HackerOne, will also offer chances of recognition in the QTI Product Security and Code Aurora Forum Halls of Fame.
"We have always been proud of our collaborative relationship with the security research community. Over the years, researchers have helped us improve the security of our products by reporting vulnerabilities directly to us," said Alex Gantman, vice president of engineering at Qualcomm Technologies Inc.
"Although the vast majority of security improvements in our products come from our internal efforts, a vulnerability rewards programme represents a meaningful part of our broader security efforts."
The programme will be seeded by 40 security researchers and white hat hackers who have already made vulnerability disclosures.
Earlier this year, Android users were warned of a system flaw called Quadrooter which it was originally said would affect 900 million devices with Qualcomm chips, including the supposedly bomb-proof BlackBerry Priv(y).
Google was keen to play down this figure, pointing out that its security patches had already got to three out of the four problems by August.
However, security patching doesn’t happen automatically and it is up to each vendor to ensure that devices are protected.
The Qualcomm bug bounty programme is the first of its kind for a silicon manufacturer, and comes into effect immediately.
Qualcomm made the announcement as part of a range of news, including the official unveiling of the Snapdragon 835 chip and the arrival of Quick Charge 4.0, which it is claimed can give a phone five hours of charge in five minutes. µ
Archaic prototype shows Redmond has come a long way in hardware design
And woe betide if you're called Mohammed too
Lack of proper comms gets a frosty reception from Project Zero's Travis Ormandy
Wine 3.0 brings support for Windows apps to Google's mobe OS