Samsung Mobile Security

<!DOCTYPE html> <html lang="en"> <head>  <meta charset="UTF-8" /> <meta http-equiv='X-UA-Compatible' content='IE=edge' /> <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=no" /> <link rel="stylesheet" href="/jquery/css/basic.css" type="text/css" /> <link rel="stylesheet" href="/./external/attach/css/attachment.css" /> <script src="/./jquery/jquery-1.12.2.js" type="text/javascript"></script> <script src="/./jquery/jquery-ui/jquery-ui.js" type="text/javascript"></script> <script src="/./jquery/validation/sdp.validate.js" type="text/javascript"></script> <script src="/./jquery/jquery.simplemodal.js" type="text/javascript"></script> <script src="/./js/portalCommon.js" type="text/javascript"></script> <script src="/./js/numberFormat.js" type="text/javascript"></script> <script src="/./js/menu.js" type="text/javascript"></script> <script src="/./js/common.js" type="text/javascript"></script> <script src="/./js/commonCalendar.js" type="text/javascript"></script> <script src="/./js/billboard/d3.min.js" charset="utf-8"></script> <script src="/./js/billboard/billboard.min.js"></script> <link href="/./js/billboard/billboard.min.css" rel="stylesheet"> <link rel="stylesheet" href="/css/style.css?ver=20241008a1" type="text/css" />   <title>Samsung Mobile Security</title> <link rel="shortcut icon" href="./images/common/favicon.ico" type="image/x-icon"> <link rel="icon" href="./images/common/favicon.ico" type="image/x-icon"> <script type="text/javascript"> var contextPath="/."; var language = 'en_US'; // 2022-10-27 session time out check if('' != ""){ sessionCheck(); } var sameSiteVal = ["Lax;", "None; Secure", "stric;"]; document.cookie = 'LANGUAGE=; expires=Thu, 01 Jan 1970 00:00:01 GMT; SameSite='+sameSiteVal[0]; //document.cookie = 'LANGUAGE=; expires=Thu, 01 Jan 1970 00:00:01 GMT;'; var cookieAccept = 'null'; $(document).ready(function() { /* 2023-10-10 버튼 효과 삭제 $(".menu > li").on("click", function(){ $(this).children("a").addClass("on"); }); */ //개인화 메뉴 펼치기 $(".personal_menu").click(function(){ $(".personal_box").slideToggle("fast"); $('.close_search').hide(); $('.wrap_search .wrap_input').hide(); $('.open_search').css('visibility','visible'); }); //mobile_ 메뉴 펼치기 $(".m_btn_menu").click(function(){ $(this).hide(); $('.m_btn_menu_close').show(); $('.wrap_m_menu').slideDown('fast'); $('.back_bg').fadeIn('fast'); }); $(".m_btn_menu_close").click(function(){ $(this).hide(); $('.m_btn_menu').show(); $('.wrap_m_menu').slideUp('fast'); $('.back_bg').fadeOut('fast'); }); //상단 검색 $('.open_search').click(function(){ $(".personal_box").slideUp("fast"); $('.wrap_search .wrap_input').show(); $(this).css('visibility','hidden'); $('.close_search').show(); $('.wrap_search .wrap_input').focus(); }); $('.close_search').click(function(){ $(this).hide(); $('.wrap_search .wrap_input').hide(); $('.open_search').css('visibility','visible'); }); $("#androidUpdatesMobileKey,#androidUpdatesWebKey").keydown(function (key) { if(key.keyCode == 13){//키가 13이면 실행 (엔터는 13) androidUpdatesSearch(this.id); } }); // 20210511 - 메뉴 슬라이드 $(".menu").hover(function(){ $(".submenu").show(); $(".submenu_bar").show(); /* if ($("#header").hasClass("menu_fix")){ } else { $(".submenu").show(); $(".submenu_bar").show(); } */ }).mouseleave(function(){ $(".submenu").hide(); $(".submenu_bar").hide(); }) //menu fixed function eventMenuFix(){ var menu = $('.mh'); var menu_offset = $('.mh').offset(); var submenu = $('.submenu'); $(window).scroll(function(){ if ($(this).scrollTop() >= menu.height() && $(window).width() > 1023){ menu.addClass('menu_fix'); }else { menu.removeClass('menu_fix'); }; }); }; if($(window).width() > 1023){ $('#header').addClass('mh'); eventMenuFix(); }else if($(window).width() < 1023){ $('#header').removeClass('mh'); eventMenuFix(); }; eventMenuFix(); //top btn $(".mtop_wrap button.mtop").click(function(){ $("html, body").animate({scrollTop:0}, 400); }); $("button.wtop").click(function(){ $("html, body").animate({scrollTop:0}, 400); }); // 쿠키 설정 확인 if( cookieAccept != 'Y' ) { //alert('aa'); //$(".fullscreen").removeClass('none'); setTimeout("createCookie()", 1000); } // 20210504 - Cookies Layer $(".txt_link_cookies, .btn_footer_cookie").on("click",function(){ $("#cookies_layer").fadeIn(); }) $("a.btn_cookies_close").on("click",function(){ $("#cookies_layer").fadeOut(); }) // 20210504 - Cookie-banner close $("a.btn_cookie_banner_close").on("click",function(){ $(".fullscreen").fadeOut(); }) }); function createCookie(){ $(".fullscreen").fadeIn(); //$(".fullscreen").slideUp(); } function movePage(pageUrl) { var d = new Date(); var timeZoneHour = d.getTimezoneOffset() / 60; timeZoneHour = -1 * timeZoneHour; $("input[name='timeZoneHour']").val(timeZoneHour); document.menuMoveForm.action=pageUrl; document.menuMoveForm.submit(); } function androidUpdatesSearch(searchObj) { var androidSearchText = $("#"+searchObj).val(); var pattern = /^[a-zA-Z0-9|-]*$/; if(androidSearchText=="") { alert('Please enter the search word.'); } else if(pattern.test(androidSearchText)) { $("#androidSearchText").val(androidSearchText); document.androidUpdatesSearchForm.submit(); } else { alert('You can not enter characters other than uppercase and lowercase letters, numbers, "-".'); } } function goCookieAccept() { var params = {}; $.ajax({ type:'POST', url:'/./cookieAccept.smsb', data:params, dataType:'json', async:false, success:function(ret) { hideLoading(); if( ret.success == true ) { $(".fullscreen").fadeOut(); cookieAccept = 'Y'; } else { alert("Please contact administrator!"); } }, error : function(request, err, ex) { hideLoading(); //alert('Please contact administrator'); alert("Please contact administrator" + "\n" + "code : " + request.status + "\n" + "message : " + request.responseText + "\n" + "error : " + err + "\n" + "ex : " + ex); } }); } function goLogin(){ /* if( cookieAccept != 'Y' ) { $(".fullscreen").fadeIn(); alert('If you continue to submit report, please accept cookies form this site.'); return; } */ var url = '/sa/anonymous/loginPage.do'; openPage(url); } function myFunction() { document.getElementById("myDropdown").classList.toggle("show"); } window.onclick = function(event) { var matches = event.target.matches ? event.target.matches('.dropbtn') : event.target.msMatchesSelector('.dropbtn'); if (!matches) { var dropdowns = document.getElementsByClassName("dropdown-content"); var i; for (i = 0; i < dropdowns.length; i++) { var openDropdown = dropdowns[i]; if (openDropdown.classList.contains('show')) { openDropdown.classList.remove('show'); } } } } </script> <script> </script> </head> <body>  <div class="fullscreen visible"><div class="leica-overlay content-container"><div class="cookie-banner"> <a href="javascript:goCookieAccept();" class="btn_cookie_banner_close" data-role="accept-all-cookies">close</a> <div class="contentlayercontent"> <div class="cookie-banner__body row"> <div class="col"> <p class="cookie_banner_tit">Samsung Mobile Security and Cookies</p> <p>Our site uses essential cookies only. You can read our <a href="./privacy/global/privacy_notice.html" class="txt_link2" title="Privacy Policy" target="_blank">Privacy Policy</a> and <a href="javascript:void(0)" class="txt_link2 txt_link_cookies" title="Cookie Policy">Cookie Policy</a> for more information.</p>  </div>  </div> </div> </div></div></div>  <div id="cookies_layer"> <a href="javascript:void(0);" class="btn_cookies_close">close</a> <div class="cookies_layer_inner"> <h2>Samsung Mobile Security <br>Cookie Policy</h2> <p class="cookies_dates">Updated on Jan 17, 2022</p> <div class="cookies_cont"> <p class="cookies_cont_txt">This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.<br><br> It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.<br><br> Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at <a href="https://www.samsung.com/request-desk" class="txt_link2" target="_blank">https://www.samsung.com/request-desk</a>. </p> <p class="cookies_cont_txt c_center">You can also contact us at:</p> <p class="cookies_cont_txt_box c_center">European Data Protection Officer<br> Samsung Electronics (UK) Limited<br> Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS </p> <h4>Cookies</h4> <p class="cookies_cont_txt">Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.<br><br> We use the following types of cookies on this website:<br><br> <b>Essential Cookies</b>: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided. </p> <div class="cookies_cont_tb"> <table> <thead> <tr> <th>Cookie</th> <th>Domain</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td>JSESSIONID</td> <td>security.samsungmobile.com</td> <td>to keep login session</td> </tr> <tr> <td>lastActivityTime</td> <td>security.samsungmobile.com</td> <td>to save the user's last activity time to automatically logout after 30 minutes of inactivity</td> </tr> </tbody> </table> </div> <h4>Managing Cookies and Other Technologies</h4> <p class="cookies_cont_txt">You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at <a href="http://www.allaboutcookies.org" class="txt_link2" target="_blank">http://www.allaboutcookies.org</a>.</p> </div> </div> </div>   <div id="skipnav"> <a href="#gnb">Go straight to the menu</a> <a href="#home">Go straight to the text</a> </div>   <div id="wrap">  <header id="header_wrap"> <div id="header" class="main_header"> <div class="header_inner"> <div class="wrap_top"> <h1 class="logo"><a href="/./main.smsb"><strong>Samsung </strong>Mobile Security</a></h1>  <div class="gnb" id="gnb">  <ul class="menu"> <li><a href="/./workScope.smsb">Security Updates</a> <ul class="submenu"> <li><a href="/./workScope.smsb">Scope</a></li> <li><a href="/./securityUpdate.smsb">Firmware Updates</a></li> <li><a href="/./serviceWeb.smsb">Other Updates</a></li> </ul> </li> <li><a href="/./securityReporting.smsb">Security Reporting</a> <ul class="submenu"> <li><a href="/./securityReporting.smsb">Reporting</a></li> <li><a href="/./securityReportingProcess.smsb">Process</a></li> <li><a href="/./securityReportingRiskClassification.smsb">Severity Classification</a></li> </ul> </li> <li><a href="/./rewardsProgram.smsb">Rewards Program</a> <ul class="submenu"> <li><a href="/./rewardsProgram.smsb">How it works</a></li> <li><a href="/./hallOfFameInfo.smsb">Hall of Fame</a></li> </ul> </li> <li><a href="/./securityPost.smsb">Security Post</a></li> </ul>  <div class="toplink"> <span class="t_btn_login"><a href="javascript:goLogin();" title="Go to login">Login</a></span>  <div class="wrap_search"> <a href="javascript:;" class="open_search">Search</a> <a href="javascript:;" class="close_search" style="display:none">Search Close</a> <div class="wrap_input" style="display:none"> <input id="androidUpdatesWebKey" name="androidUpdatesWebKey" type="text" placeholder="Enter the search word(ex. CVE, SVE.. )" title="search" style="height:100%;border:0px;"> <a href="javascript:androidUpdatesSearch('androidUpdatesWebKey')" class="btn_search">Search</a> </div> </div>   </div> </div>  </div>  <div class="wrap_mobile_menu"> <div class="m_toplink"> <button type="button" class="m_btn_menu" title="Total Menu">Total Menu</button> <button type="button" class="m_btn_menu_close" title="Close the entire menu">Close the entire menu</button> </div> <div class="wrap_m_menu">  <div class="wrap_m_search"> <div class="wrap_input"> <input type="text" id="androidUpdatesMobileKey" name="androidUpdatesMobileKey" placeholder="Enter the search word(ex. CVE, SVE.. )" title="search" style="height:100%;border:0px;"> <a href="javascript:androidUpdatesSearch('androidUpdatesMobileKey')" class="btn_search">Search</a> </div> </div>  <ul class="m_main_menu"> <li><a href="/./workScope.smsb">Security Updates</a></li> <li><a href="/./securityReporting.smsb">Security Reporting</a></li> <li><a href="/./rewardsProgram.smsb">Rewards Program</a></li> <li><a href="/./securityPost.smsb">Security Post</a></li> </ul> <ul class="m_personal_menu"> <li><a href="javascript:goLogin();" title="Go to login">Login</a></li>  </ul> </div> <div class="back_bg"></div> </div>  </div> <div class="submenu_bar"></div> </div> </header>   <script type="text/javascript"> document.title = 'Rewards Program | Samsung Mobile Security'; $(document).ready(function() { $(".menu > li").siblings("li:eq(1)").find("a").addClass("on"); var mrisk = ""; if(mrisk == "Y"){ var windowWidth = $( window ).width(); var pos = 180; if(windowWidth <1010){ pos = 0; } var offset = $("#moverisk").offset(); // alert(offset.top); $('html, body').animate({scrollTop : offset.top-pos}, 0); } }); </script>  <div id="container"> <div class="sub_visual_rn"> <span class="svrn3"></span> <div class="breadcrumb_rn"> <div> <a href="/main.smsb" class="ico_home" title="Go to Home" id="home">Home</a><span class="ico_arw">></span><a href="/rewardsProgram.smsb">Rewards Program</a><span class="ico_arw">></span><em>How it works</em> </div> </div> </div> <div class="page_tit"> <h2 class="page_tit_wht">Rewards Program</h2> </div> <div class="wrap_sub_menu"> <ul class="sub_menu"> <li class="on"><span>How it works</span></li> <li><a href="/hallOfFameInfo.smsb"><span>Hall of Fame</span></a></li> </ul> </div>  <div id="contents"> <div class="wrap_post"> <div class="post_list"> <p class="tit2">We appreciate your interest and intention to help improve the security of Samsung Mobile products.</p> <div class="box"> <p>We take security and privacy issues very seriously; and as an appreciation for helping Samsung Mobile improve the security of our products and minimizing risk to our end-consumers, we are offering a rewards program for eligible security vulnerability reports.<p> Please check below for more information on guidelines and eligibility for Samsung Mobile Security Rewards Program.<p> We look forward to your continued interests and participations in our Samsung Mobile Security Rewards Program. Through this rewards program, we hope to build and maintain valuable relationships with researchers who coordinate disclosure of security issues with Samsung Mobile.<p> To ensure smooth and timely operation, please make sure you carefully read and fully understand the requirements and guidelines below before submitting security reports for the rewards program.<p> Please refer to the <a title="Go to Security Reporting" class="txt_link" href="/securityReporting.smsb"><strong>Security Reporting</strong></a> page for submitting security reports. </p> </div> </div> </div> <div class="list_basic"> <div class="txt_section"> <strong>Conditions for rewards qualification:</strong> <ol> <li> 1. Security vulnerability report ("Report") must be applicable to <a href="/workScope.smsb" class="txt_link" target="_blank" title="eligible Samsung Mobile devices">eligible Samsung Mobile devices</a> (including smartphones, tablets, wearable devices and personal computers), services, applications developed and signed by Samsung Mobile, or eligible 3rd party applications developed for Samsung Mobile. <ul class="list_circle"> <li>Eligible Samsung Mobile Devices in their latest available Android version and firmware.</li> <li>Applicable Samsung Mobile services must be currently active. Vulnerabilities in services offered by other divisions of Samsung may not be eligible for a reward.</li> <li>Applications developed and signed by Samsung Mobile must be up-to-date with the latest update.</li> <li>Vulnerabilities in 3rd party software, in general, are not eligible for a reward.</li> </ul> </li> <li>2. In case of receiving duplicate Reports of a specific vulnerability, only the first Report is eligible for a reward. In some cases, Reports may also be considered duplicate if the patch for the vulnerability is already planned for release.</li> <li> 3. Reports related to the following categories are <b>not</b> eligible: <ul class="list_circle"> <li>Software bugs that have <a href="/securityReportingRiskClassification.smsb" class="txt_link" target="_blank" title="ineligible or less-than-Low Security Impact">ineligible or less-than-Low Security Impact</a></li> <li>A behavior of the software that is consistent with the security concept implemented by Samsung</li> <li>Require excessive preconditions to exploit a vulnerability such as physical connection to the device with hacking tools</li> <li>Scenarios requiring excessive user interaction or tricking users like phishing or clickjacking</li> <li>Vulnerability of a 3rd party code that affects not only Samsung devices but also other Android devices</li> <li>Vulnerabilities (affecting Samsung as well as other Android devices) that are covered by other bug bounty programs (Android Rewards, Qualcomm Bug Bounty, Samsung DS Bug Bounty, etc.) do not qualify</li> <li>Reports from people employed by Samsung and its affiliates, partners, or families of people employed by Samsung</li> <li>Reports based on information taken or obtained through illegal access of Samsung Confidential information</li> <li>Reports based on information that is already public</li> <li>Scenarios that can be mitigated if secure lock (PIN, Pattern, Password, or Biometric) authentication is enforced</li> <li>If Participant discloses any contents or information included in its Report before receiving the rewards or before receiving the disqualification notice from Samsung.</li> <li>Reports not submitted through "ticketing system", but sent via direct email (<a href="mailto:mobile.security@samsung.com" class="txt_link breakall">mobile.security@samsung.com</a>).</li> </ul> </li> <li>4. Samsung Mobile Security Rewards Program("rewards program") is operated by Samsung Mobile and offers monetary rewards to eligible participants in order to improve the security of Samsung Mobile products and services. Thus, the process of the rewards program from start to payout, the decision of severity level and reward amount, and terms and conditions, will be entirely determined and governed by Samsung. The policy, guidelines, qualification requirements and eligibility requirements for the rewards program may change without advanced notice. We may also stop the rewards program at any time.</li> <li> 5. Participation in the rewards program and reporting to Samsung Mobile shall not involve any illegal activities: <ul class="list_circle"> <li>Samsung Mobile services must not be interrupted and the reporting must not attack any Samsung internal or external servers, nor cause damage of data or physical assets.</li> <li>Participation in the rewards program or reporting to Samsung Mobile must not violate any applicable laws and regulations, or infringe any third party rights (including intellectual property rights).</li> </ul> </li> <li> 6. While participants’ comments and justifications will be carefully considered, Samsung will decide in its sole discretion: <ul class="list_circle"> <li>Whether the Report qualifies for the rewards program</li> <li>Which level of security risk ("severity") would be assigned to each Report</li> <li>The final rewards amount</li> </ul> </li> <li>7. For rewards eligibility, participants are asked not to publish or disclose the vulnerability in public until coordination with Samsung via communication at <a href="mailto:mobile.security@samsung.com" class="txt_link breakall">mobile.security@samsung.com</a></li> <li>8. Reported vulnerability or related exploits shall not be used for any illegal activities.</li> <li>9. Residents from countries sanctioned by the government of South Korea are not eligible for the rewards program.</li> <li>10. Depending on your local law, there may be additional restrictions on your eligibility to participate the rewards program.</li> <li>11. You acknowledge and agree that the Reports may be shared with our partners. </li> </ol> </div> <div class="txt_section"> <strong>Rewards Amount</strong> <ol> <li>The rewards amount will range between USD $200 and USD $1,000,000 for qualified Reports.</li> <li>Generally, higher severity issues, more rewards amount will be offered.</li> <li>However, to estimate the rewards amount, we consider various factors including severity level such as report quality, working Proof of Concepts(PoC), attack vector(network, adjacent local, physical), affected scope, difficulty of attacks(attack complexity, privileges required, user interaction required), and so on.</li> <li>So, a lower severity issue well qualified can get more bounty than a higher severity issue. On the other hand, please understand that no reward will be given to Reports with No Security Impact.</li> <li>Also, Reports that merely describe a software bug or a behavior of a software that is consistent with the security concept implemented by Samsung will be considered as Working as Intended.</li> <li>Please see below for detailed information related to Rewards Amount.</li> </ol> <strong2>Report Quality</strong2> <ol> <li> All reports should include the following mandatory items in order to be determined eligible. <ul class="list_circle"> <li>Version information of affected products</li> <li>Description of vulnerability, it should properly explain the practical security impact</li> <li>Detailed steps to reproduce the report (if needed, including video, image and other ways)</li> </ul> </li> <li>High quality report helps us for analyzing and understanding the vulnerability better, and this reduces the time for releasing patch to make users safe.</li> <li>After trying to find ways to offer higher rewards for reports with high impact reports and high quality reports, we are offering extra rewards for <a href="./securityReportingHighQualityReport.smsb" class="txt_link" target="_blank" title="well-written reports">well-written reports</a> with Good Report Bonus.</li> <li>Please check <a href="/securityPostDetail.smsb/188" class="txt_link" target="_blank" title="Good Report Bonus">Good Report Bonus</a> to gain additional rewards with your efforts.</li> </ol> <strong2>Affected Scope</strong2> <ol> <li>The range of affected devices is one of important criteria for determining the reward amounts. The scope is calculated by the factors including affected Android OS, and model ranges.</li> <li>There are weights for models, OS, deployment scopes, and latest OS, so with more globally affected vulnerabilities in newer, flagship models can lead to higher rewards with a larger scope.</li> <li>For example, vulnerabilities which only resides in limited SW in specific region, and restricted OS are going to be determined as small scope, and the reward amount can be reduced. On the other hand, vulnerabilities without any restriction for OS, model, and other ranges guaranteeing higher rewards.</li> </ol>  <strong2>Difficulty of attacks</strong2> <p>We also consider difficulty of attack as an important factor, such as attack complexity, and required privileges or user interaction.</p> <table class="list_table"> <caption>Samsung Mobile Security Risk Classification</caption> <colgroup> <col style="width:16%"> <col> </colgroup> <thead> <tr> <th scope="col">Criteria</th> <th scope="col">Explanation</th> </tr> </thead> <tbody> <tr> <td class="bg_g">Attack Complexity</td> <td> Indicates how complicated the attack is and whether it requires specific conditions. For instance, if it needs a particular circumvention, system status or excessive preconditions to trigger the vulnerability, then we determine the vulnerability requires high attack complexity. </td> </tr> <tr> <td class="bg_g">Privileges Required</td> <td> Indicates the level of privileges required for triggering the vulnerability. In general, we determine the vulnerability requires high privilege required when it requires specific privileged capabilities to trigger a vulnerability. </td> </tr> <tr> <td class="bg_g">User Interaction</td> <td> Indicates whether triggering vulnerability requires interaction with the victim. In general, when no user interaction is required, we determine that the vulnerability has high impact. </td> </tr> </tbody> </table> <span class="nsi_ex">The higher Attack Complexity, Privileges Required, User Interaction, the lower the reward amount.</span> </div>  <div class="txt_section"> <strong>Important Scenario Vulnerability Program</strong> <ol> <li>We started running a program for the reports which prove critical attack scenarios which have significant impact on our products. If you find any vulnerabilities related to Arbitrary Code Execution on highly privileged targets, Unlocking devices, Full User Data extractions, Arbitrary application installation or Bypass of device protection solution, you are able to receive up-to $1,000,000 which is the maximum amount covered by our program.</li> <li>Please join us in <a href="/securityPostDetail.smsb/189" class="txt_link" target="_blank" title="Important Scenario Vulnerability Program">Important Scenario Vulnerability Program</a> with your valuable researches.</li> </ol> </div> <div class="txt_section"> <strong>Rewards Process</strong> <ol> <li> When we completed releasing patches, our bounty team starts the Rewards process for the payout. Please check below information regarding our rewards process. <ul class="list_circle"> <li>You are responsible for any tax implications depending on your country of residency and citizenship. Withholding tax may be deducted from the monetary reward in accordance to the laws of applicable jurisdiction and the tax rate may differ by applicable countries.</li> <li>For qualified Reports, rewards will be paid out through Samsung's designated partner <a href="https://www.bugcrowd.com/" class="txt_link" target="_blank" title="Bugcrowd">Bugcrowd</a> via payment processing and participants will be contacted by Bugcrowd during the process. (Please note that some payouts can be delivered through an alternative way which will be guided through our official e-mail)</li> <li>This rewards program process will be terminated if the Report or participant's handling of the vulnerability does not meet the qualification requirements or any other necessary conditions.</li> <li>Once the rewards program process is initiated, it may take up to 2 months or more until the reward is paid out assuming the required documents are prepared with completeness and all required information are submitted on time.</li> </ul> </li> </ol> </div> <div class="wrap_button_center top_boder" style="display:none"> <button title="Security Reporting" class="btn_bl btn_l" type="button" onClick="openPage('/securityReporting.smsb')">Security Reporting</button> </div> </div> </div>  </div>   <footer id="footer"> <div class="in"> <div class="sitemap"> <p>SITE MAP</p> <ul> <li><a href="/workScope.smsb">Security Updates</a></li> <li><a href="/securityReporting.smsb">Security Reporting</a></li> <li><a href="/rewardsProgram.smsb">Rewards Program</a></li> <li><a href="/securityPost.smsb">Security Post</a></li> </ul> </div> <div class="site_link"> <div class="dropdown"><button type="button" class="dropbtn_none btn_footer_cookie" title="Cookie Policy">Cookie Policy</button></div> <div class="dropdown"> <button onclick="myFunction()" class="dropbtn" title="Privacy Policy">Privacy Policy</button> <div id="myDropdown" class="dropdown-content"> <a href="./privacy/global/privacy_notice.html" target="_blank" title="Global">Global</a> <a href="./privacy/us/privacy_notice_us.html" target="_blank" title="US">US</a> <a href="./privacy/eu/privacy_notice_eu.html" target="_blank" title="EU">EU</a> <a href="./privacy/latin/privacy_notice_latin.html" target="_blank" title="Latin America">Latin America</a> <a href="./privacy/korea/privacy_notice_korea.html" target="_blank" title="Korea">Korea</a> <a href="./privacy/brazil/privacy_notice_brazil.html" target="_blank" title="Brazil">Brazil</a> <a href="./privacy/turkey/privacy_notice_turkey.html" target="_blank" title="Turkey">Turkey</a> <a href="./privacy/vietnam/privacy_notice_vietnam.html" target="_blank" title="Vietnam">Vietnam</a> </div> </div> <div class="dropdown"><button type="button" onclick="location.href='http://www.samsung.com'" class="dropbtn_none" title="Samsung.com site new window">Samsung.com</button></div> </div> <button class="wtop" type="button" title="Move the screen to the top">Top</button> <span class="copy">Copyright© 2017 SAMSUNG All Rights Reserved.</span> </div> </footer>  </div>  <form method="post" name="menuMoveForm" id="menuMoveForm" action="/myRequest.smsr" > <input type="hidden" id="timeZoneHour" name="timeZoneHour" value="0" title="timeZoneHour"> <input type="hidden" id="portalIssue" name="portalIssue" value="0" title="portalIssue"> <input type="hidden" id="draftId" name="draftId" value="0" title="draftId"> </form> <form method="post" name="androidUpdatesSearchForm" id="androidUpdatesSearchForm" action="/androidUpdatesSearch.smsb" > <input type="hidden" id="androidSearchText" name="androidSearchText" value="" title="timeZoneHour"> </form> <script type="text/javascript" src="/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=179390916" async></script></body> </html>

CINXE.COM

Samsung Mobile Security