Submit Report

Formats supported: JPG, PNG, BMP and JPEG. Max 5 images, max size 2MB each

Detailed description:


Reproduction instructions:

1:

2:

3:


Business impact:


Remediation:


Upload attachment Formats supported: doc, docx, 7z, zip, gz, bz2. Max size 20MB each

Please provide detailed steps on how to reproduce the vulnerability. Please do not publicly disclose it before it is fixed.

I have read and agreed to the OnePlus Security Response Center (OneSRC) terms.
Submit report

Assessment and Rewards

Reward tiers (currency USD; effective 12/12/2019):

OnePlus-owned components:

Critical: $750 - $1,500

High: $250 - $750

Medium: $100 - $250

Low: $50 - $100

Please note:

Reward tier is determined based on vulnerability severity and actual business impact. Special cases can be rewarded up to $7,000. Testing environment vulnerabilities are counted as 0.1 times their OnePlus-owned component counterpart. We do not accept reports that have been uploaded elsewhere.

OnePlus-owned components:

OnePlus official website, OnePlus Store, OxygenOS,OnePlus App Store, OnePlus Cloud, OnePlus Community, OnePlus Account etc.


ONEPLUS SECURITY TESTING NON-DISCLOSURE AGREEMENT