Samsung has recently announced an expansion of its bug bounty program, offering a maximum reward of $1 million for individuals who uncover and report security vulnerabilities in the company’s software. In 2023, the company paid out a total of $5 million through its bug bounty program, with $828,000 awarded to 113 researchers who disclosed security vulnerabilities in Galaxy mobile devices.
The largest individual reward paid by Samsung in 2023 was $57,000 to TASZK Security Labs, a company based in Hungary. However, Samsung has increased its maximum reward to $1 million, with the exact amount dependent on the severity of the discovered vulnerability.
Jasper Park, the Director of Samsung’s mobile product security department, highlighted Oversecured Inc. from Barcelona, Spain, as the company with the most reports on vulnerabilities. He mentioned that Oversecured Inc. has contributed to enhancing Samsung’s proactive approach to addressing vulnerabilities in its products.
TASZK Security Labs continues to stand out, with Mr. Park acknowledging their significant contributions to protecting Samsung’s products from potential attacks in remote work scenarios.
According to reports from Bleeping Computer, analysts who discover a remote code execution vulnerability in the Knox Vault hardware security system could receive up to $300,000. A reward of up to $400,000 is offered for an exploit that unlocks the device and fully extracts user data, while a bug that allows apps to be installed from sources other than the Galaxy Store could earn a $100,000 bounty.