Mobile phone manufacturer ZTE has announced the launch of a public bug bounty program offering up to €2,000 ($2,300) for security vulnerabilities.
The program, launched in partnership with French vulnerability disclosure platform YesWeHack, invites researchers to look for security flaws in ZTE products.
A press release published last night (October 11) detailed several in-scope product categories, including ZTE’s 5G Common Core network, 5G NR broadcast tech, and fixed network, along with multimedia, cloud video, cloud computing, database management systems, and terminal products.
ZTE web applications and other devices not listed on YesWeHack’s website are out of scope.
Publicly available
A spokesperson for YesWeHack told The Daily Swig that the program is an expansion of a private offering for invite-only researchers.
The program invites both individuals and groups of up to five to participate. The biggest rewards are for critical bugs including remote code execution.
Zhong Hong, chief security officer at ZTE, said: “Through openness and transparency, we try to give our customers confidence by letting them see what we do and how we provide end-to-end security.”
Hong added: “Our partnership with YesWeHack will help to enhance the security of ZTE’s products and confront new challenges brought by the 5G network commercialization.”
Source: https://portswigger.net/daily-swig/chinese-phone-manufacturer-zte-launches-public-bug-bounty-program