Samsung has published its first-ever annual report on its Mobile Security Rewards Program, which offers cash prizes to security researchers for finding security issues with its products and services. It shared insights into the program’s progress over the years and detailed the prizes it paid out in 2023. The company also announced that the maximum bounty for a bug has been increased from $200,000 to $1 million.
Samsung’s Security Rewards Program now offers up to $1 million bounty
Launched in 2017, Samsung’s Mobile Security Rewards Program is a bounty program aimed at addressing security issues in Galaxy devices, first-party apps, and other products and services it offers to billions of consumers globally. External researchers can report the flaws to the company and earn cash if their reports qualify for a reward. The reward amount depends on the severity of the issue and other factors.
Nearly seven years after its launch, Samsung is here with the first annual report on the program. The company has paid out nearly $5 million to security researchers during this time, with the highest single award of $120,000. In 2023, Samsung paid $827,925 to 113 security researchers worldwide. TASZK Security Labs took home the highest amount of $81,370, with one of its reports fetching a cash prize of $57,190.
The Barcelona, Spain-based security firm reported vulnerabilities that could potentially lead to remote attacks. Oversecured Inc. reported the most security issues (79) under the Security Rewards Program last year. The firm has been submitting bug reports to the company since 2021, helping secure its products from a wide range of vulnerabilities. It also filed the most reports in 2022 and received the highest total rewards that year.
Going forward, Samsung plans to launch a special bounty program for AI products. It has already started the Mobile AI Security rewards program as a pilot. The company aims to make its AI products more secure as it looks to establish a lead in this booming industry. It offers up to $1 million in cash prizes if researchers can find bugs that allow remote arbitrary code execution on highly privileged targets such as Knox Vault. Samsung has explained all the rewards on its security blog.
