Submit Report

Formats supported: JPG, PNG, BMP and JPEG. Max 5 images, max size 2MB each

Detailed description:

Reproduction instructions:

1:

2:

3:

Business impact:

Remediation:

Upload attachment Formats supported: doc, docx, 7z, zip, gz, bz2,png,jpg. Max size 20MB each
I have read and agreed to the OnePlus Security Response Center (OneSRC) terms.
Submit report

Assessment and Rewards

Reward tiers (currency USD; effective 12/12/2019):

Tips:

Critical: $750 - $1,500

High: $250 - $750

Medium: $100 - $250

Low: $50 - $100

Please note:

Reward tier is determined based on vulnerability severity and actual business impact. Special cases can be rewarded up to $7,000. Testing environment vulnerabilities are counted as 0.1 times their OnePlus-owned component counterpart. We do not accept reports that have been uploaded elsewhere.

Tips:

Reports with the following will be considered for a larger reward: a clear and concise summary of the vulnerability, text reproduction steps (including payloads, relevant URLs/IPs, API or fields), an impact analysis, remediation suggestions.


ONEPLUS SECURITY TESTING NON-DISCLOSURE AGREEMENT