Qualcomm announced they are launching a vulnerability rewards program (also known as a bounty) designed to expand their collaboration with invited white hat hackers. The company firmly believes that these types of hackers will help to improve the security of their Snapdragon family and LTE modems by finding vulnerabilities and then reporting them to Qualcomm to fix.
The program is the first of its kind to be announced by a major silicon vendor. The program will be administered in collaboration with vulnerability coordination platform HackerOne. This also takes Qualcomm another step towards becoming one of the most secure silicon vendors in the industry.
Qualcomm says that they will offer up to $15,000 per vulnerability. By comparison, Google has numerous vulnerability bounties that range from $500 to $20,000. Apple, on the other hand, offers up to $200,000 per vulnerability discovered on its devices.
Alex Gantman, vice president of engineering at Qualcomm, explained how this program will help improve their products:
"We have always been proud of our collaborative relationship with the security research community. Over the years, researchers have helped us improve the security of our products by reporting vulnerabilities directly to us. Although the vast majority of security improvements in our products come from our internal efforts, a vulnerability rewards program represents a meaningful part of our broader security efforts."