OnePlus Old

We welcome independent security researchers of all backgrounds and levels to join us in our efforts to secure the OnePlus ecosystem. If you believe you've found a security issue in our products or systems, we encourage you to notify us through security.oneplus.com.

##Submissions :

· Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve it.

· By submitting a report, you agree that you will not publicly disclose the details of said report to any third parties without OnePlus' express written permission.

· Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services. Only interact with accounts you own or with explicit permission of the account holder.

##Exclusions :

While researching, we'd like to ask you to refrain from:

· Denial of service · Spamming · Social engineering (including phishing) of OnePlus staff or contractors · Any physical attempts against OnePlus property or data centers

##Assessment and Rewards :

Reward tier is determined based on vulnerability severity and actual business impact.

We give out rewards for OnePlus-owned components only. Effective starting 12/12/2019 for reports submitted at security.oneplus.com, the reward tiers are (currency USD):

· Special cases: up to $7,000 · Critical: $750 - $1,500 · High: $250 - $750 · Medium: $100 - $250 · Low: $50 - $100 Testing environment vulnerabilities are counted as 0.1 times their OnePlus-owned component counterpart.

We do not accept reports that have been uploaded elsewhere.

A bank account is required for transfer of funds.

##In-eligible Issues :

· Login/logout CSRF · Host header injections without a specific, demonstrable impact · CORS · No SPF/DMARC in non-email domains/subdomains · Error information disclosure that cannot be used to make a direct attack · Missing security-related HTTP headers which do not lead directly to a vulnerability

Thank you for helping keep OnePlus and our users safe!