Invite-only program launched with HackerOne

Jan 17, 2020 10:23 GMT

Chinese phone maker OPPO has announced its very first bug bounty program in an attempt to work more closely with security experts on finding and fixing vulnerabilities in its products.

Chinese companies have often been accused of poor security practices, many of them suspected of conducting malicious activities for the Beijing government. Huawei is without a doubt the best example in this regard, as the tech giant ended up being banned from using software and hardware developed by American companies, including Google and Microsoft.

OPPO, however, is continuing the security push that it started in 2018 with the OPPO Security Response Center (OSRC), which it has used to get in touch with researchers and better address vulnerability reports.

Better security

In partnership with HackerOne, OPPO is now launching an invite-only private bug bounty program that is intended to go public at some point in the future. However, further details on when this is projected to happen aren’t available right now.

Just like all the other bug bounty programs, OPPO wants to work with the selected researchers on finding vulnerabilities in its products and then issue rewards based on their reports.

“Today, the goal of the OSRC remains to promote cooperation and communication with ethical hackers and to identify security vulnerabilities before they can be exploited by cybercriminals. This partnership with HackerOne further signifies OPPO's support of the global security research community and their vital role in reducing cyber risk,” OPPO explains.

OPPO is one of the leading smartphone manufacturers worldwide. Data provided by Counterpoint Research, for example, indicates that in 2018, OPPO was the fourth-largest phone company with a market share of 9%, behind Samsung, Huawei, and Apple. Furthermore, the BBK Group, which included OPPO, Vivo, Realme, and OnePlus, accounted for over 20% of the entire mobile market.