Responsible Disclosure Policy

At Samsung, we take security and privacy issues very seriously, and we value the security research community with our commitment to address potential security vulnerabilities as quickly as possible. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our end-consumers.

• We ask our security research community to:
• Make every effort to avoid privacy violations, degradation of user experience, disruption to internal or external servers, and destruction of data or physical assets during security testing;
• Use reporting guidelines stated above to report details of potential vulnerabilities as complete as possible; and
• Keep information about any potential vulnerability discovered confidential between yourself and Samsung until we have remedy in place.

In return, we commit to:

• Respond within a maximum of 48 hours upon receiving the initial report;
• Work with you to understand and resolve the potential vulnerability quickly;
• Make our best effort to resolve security vulnerabilities, and release patches to end-consumers within 90 days; and
• Reward you, if you choose to participate in our Samsung Mobile Security Rewards Program, and recognize your contribution through our Acknowledgements for eligible reports.