CVE submission Q&A

2023-09-04

Q: What is the scope of a CVE application?

A: The vulnerability should involve certain common ColorOS systems, IoT devices, or widely used apps and SDKs, and its impact when exploited should be unique to OnePlus products. The vulnerability should be assessed as medium or higher severity, and it should already be fixed.

Q: How do I apply for a CVE?

A: To apply for a CVE, send an application email to security@oneplus.com. List the following points in the email:

  • The name and Report ID of the vulnerability
  • The impact of the vulnerability
  • The type and the severity of the vulnerability
  • PoC
  • The nickname and the email of the applicant

Q: How do I check the result of my CVE application?

A: If your application is accepted, OneSRC will inform researchers worldwide of the CVE number and issue an electronic certificate via email. An acknowledgement announcement will also be published on the official OneSRC website.

If your application is refused, we will email you the reasons.