<!DOCTYPE html> <html lang="en"> <head> <!--HTTP 1.1--> <meta charset="UTF-8" /> <meta http-equiv='X-UA-Compatible' content='IE=edge' /> <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=no" /> <link rel="stylesheet" href="/jquery/css/basic.css" type="text/css" /> <link rel="stylesheet" href="/./external/attach/css/attachment.css" /> <script src="/./jquery/jquery-1.12.2.js" type="text/javascript"></script> <script src="/./jquery/jquery-ui/jquery-ui.js" type="text/javascript"></script> <script src="/./jquery/validation/sdp.validate.js" type="text/javascript"></script> <script src="/./jquery/jquery.simplemodal.js" type="text/javascript"></script> <script src="/./js/portalCommon.js" type="text/javascript"></script> <script src="/./js/numberFormat.js" type="text/javascript"></script> <script src="/./js/menu.js" type="text/javascript"></script> <script src="/./js/common.js" type="text/javascript"></script> <script src="/./js/commonCalendar.js" type="text/javascript"></script> <script src="/./js/billboard/d3.min.js" charset="utf-8"></script> <script src="/./js/billboard/billboard.min.js"></script> <link href="/./js/billboard/billboard.min.css" rel="stylesheet"> <link rel="stylesheet" href="/css/style.css?ver=20241008a1" type="text/css" /> <!-- <link rel="stylesheet" href="/css/error.css" type="text/css" /> --> <!--[if IE]> <script src="/./js/html5.js"></script> <![endif]--> <title>Samsung Mobile Security</title> <link rel="shortcut icon" href="./images/common/favicon.ico" type="image/x-icon"> <link rel="icon" href="./images/common/favicon.ico" type="image/x-icon"> <script type="text/javascript"> var contextPath="/."; var language = 'en_US'; // 2022-10-27 session time out check if('' != ""){ sessionCheck(); } var sameSiteVal = ["Lax;", "None; Secure", "stric;"]; document.cookie = 'LANGUAGE=; expires=Thu, 01 Jan 1970 00:00:01 GMT; SameSite='+sameSiteVal[0]; //document.cookie = 'LANGUAGE=; expires=Thu, 01 Jan 1970 00:00:01 GMT;'; var cookieAccept = 'null'; $(document).ready(function() { /* 2023-10-10 버튼 효과 삭제 $(".menu > li").on("click", function(){ $(this).children("a").addClass("on"); }); */ //개인화 메뉴 펼치기 $(".personal_menu").click(function(){ $(".personal_box").slideToggle("fast"); $('.close_search').hide(); $('.wrap_search .wrap_input').hide(); $('.open_search').css('visibility','visible'); }); //mobile_ 메뉴 펼치기 $(".m_btn_menu").click(function(){ $(this).hide(); $('.m_btn_menu_close').show(); $('.wrap_m_menu').slideDown('fast'); $('.back_bg').fadeIn('fast'); }); $(".m_btn_menu_close").click(function(){ $(this).hide(); $('.m_btn_menu').show(); $('.wrap_m_menu').slideUp('fast'); $('.back_bg').fadeOut('fast'); }); //상단 검색 $('.open_search').click(function(){ $(".personal_box").slideUp("fast"); $('.wrap_search .wrap_input').show(); $(this).css('visibility','hidden'); $('.close_search').show(); $('.wrap_search .wrap_input').focus(); }); $('.close_search').click(function(){ $(this).hide(); $('.wrap_search .wrap_input').hide(); $('.open_search').css('visibility','visible'); }); $("#androidUpdatesMobileKey,#androidUpdatesWebKey").keydown(function (key) { if(key.keyCode == 13){//키가 13이면 실행 (엔터는 13) androidUpdatesSearch(this.id); } }); // 20210511 - 메뉴 슬라이드 $(".menu").hover(function(){ $(".submenu").show(); $(".submenu_bar").show(); /* if ($("#header").hasClass("menu_fix")){ } else { $(".submenu").show(); $(".submenu_bar").show(); } */ }).mouseleave(function(){ $(".submenu").hide(); $(".submenu_bar").hide(); }) //menu fixed function eventMenuFix(){ var menu = $('.mh'); var menu_offset = $('.mh').offset(); var submenu = $('.submenu'); $(window).scroll(function(){ if ($(this).scrollTop() >= menu.height() && $(window).width() > 1023){ menu.addClass('menu_fix'); }else { menu.removeClass('menu_fix'); }; }); }; if($(window).width() > 1023){ $('#header').addClass('mh'); eventMenuFix(); }else if($(window).width() < 1023){ $('#header').removeClass('mh'); eventMenuFix(); }; eventMenuFix(); //top btn $(".mtop_wrap button.mtop").click(function(){ $("html, body").animate({scrollTop:0}, 400); }); $("button.wtop").click(function(){ $("html, body").animate({scrollTop:0}, 400); }); // 쿠키 설정 확인 if( cookieAccept != 'Y' ) { //alert('aa'); //$(".fullscreen").removeClass('none'); setTimeout("createCookie()", 1000); } // 20210504 - Cookies Layer $(".txt_link_cookies, .btn_footer_cookie").on("click",function(){ $("#cookies_layer").fadeIn(); }) $("a.btn_cookies_close").on("click",function(){ $("#cookies_layer").fadeOut(); }) // 20210504 - Cookie-banner close $("a.btn_cookie_banner_close").on("click",function(){ $(".fullscreen").fadeOut(); }) }); function createCookie(){ $(".fullscreen").fadeIn(); //$(".fullscreen").slideUp(); } function movePage(pageUrl) { var d = new Date(); var timeZoneHour = d.getTimezoneOffset() / 60; timeZoneHour = -1 * timeZoneHour; $("input[name='timeZoneHour']").val(timeZoneHour); document.menuMoveForm.action=pageUrl; document.menuMoveForm.submit(); } function androidUpdatesSearch(searchObj) { var androidSearchText = $("#"+searchObj).val(); var pattern = /^[a-zA-Z0-9|-]*$/; if(androidSearchText=="") { alert('Please enter the search word.'); } else if(pattern.test(androidSearchText)) { $("#androidSearchText").val(androidSearchText); document.androidUpdatesSearchForm.submit(); } else { alert('You can not enter characters other than uppercase and lowercase letters, numbers, "-".'); } } function goCookieAccept() { var params = {}; $.ajax({ type:'POST', url:'/./cookieAccept.smsb', data:params, dataType:'json', async:false, success:function(ret) { hideLoading(); if( ret.success == true ) { $(".fullscreen").fadeOut(); cookieAccept = 'Y'; } else { alert("Please contact administrator!"); } }, error : function(request, err, ex) { hideLoading(); //alert('Please contact administrator'); alert("Please contact administrator" + "\n" + "code : " + request.status + "\n" + "message : " + request.responseText + "\n" + "error : " + err + "\n" + "ex : " + ex); } }); } function goLogin(){ /* if( cookieAccept != 'Y' ) { $(".fullscreen").fadeIn(); alert('If you continue to submit report, please accept cookies form this site.'); return; } */ var url = '/sa/anonymous/loginPage.do'; openPage(url); } function myFunction() { document.getElementById("myDropdown").classList.toggle("show"); } window.onclick = function(event) { var matches = event.target.matches ? event.target.matches('.dropbtn') : event.target.msMatchesSelector('.dropbtn'); if (!matches) { var dropdowns = document.getElementsByClassName("dropdown-content"); var i; for (i = 0; i < dropdowns.length; i++) { var openDropdown = dropdowns[i]; if (openDropdown.classList.contains('show')) { openDropdown.classList.remove('show'); } } } } </script> <script> </script> </head> <body> <!-- Cookie 설정 --> <div class="fullscreen visible"><div class="leica-overlay content-container"><div class="cookie-banner"> <a href="javascript:goCookieAccept();" class="btn_cookie_banner_close" data-role="accept-all-cookies">close</a> <div class="contentlayercontent"> <div class="cookie-banner__body row"> <div class="col"> <p class="cookie_banner_tit">Samsung Mobile Security and Cookies</p> <p>Our site uses essential cookies only. You can read our <a href="./privacy/global/privacy_notice.html" class="txt_link2" title="Privacy Policy" target="_blank">Privacy Policy</a> and <a href="javascript:void(0)" class="txt_link2 txt_link_cookies" title="Cookie Policy">Cookie Policy</a> for more information.</p> <!--<p>This site uses cookies to provide you the best user experience possible with optimized functionality. By continuing to use this site, you accept our <a href="./etc/cookiePreferences.html" class="txt_link2" title="Cookie Preferences">use of cookies</a>//--> </div> <!-- <div class="col span12"> <a href="javascript:goCookieAccept();" class="button" data-role="accept-all-cookies">Accept</a> </div> //--> </div> </div> </div></div></div> <!-- 210504 - Cookies Layer Popup --> <div id="cookies_layer"> <a href="javascript:void(0);" class="btn_cookies_close">close</a> <div class="cookies_layer_inner"> <h2>Samsung Mobile Security <br>Cookie Policy</h2> <p class="cookies_dates">Updated on Jan 17, 2022</p> <div class="cookies_cont"> <p class="cookies_cont_txt">This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.<br><br> It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.<br><br> Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at <a href="https://www.samsung.com/request-desk" class="txt_link2" target="_blank">https://www.samsung.com/request-desk</a>. </p> <p class="cookies_cont_txt c_center">You can also contact us at:</p> <p class="cookies_cont_txt_box c_center">European Data Protection Officer<br> Samsung Electronics (UK) Limited<br> Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS </p> <h4>Cookies</h4> <p class="cookies_cont_txt">Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.<br><br> We use the following types of cookies on this website:<br><br> <b>Essential Cookies</b>: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided. </p> <div class="cookies_cont_tb"> <table> <thead> <tr> <th>Cookie</th> <th>Domain</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td>JSESSIONID</td> <td>security.samsungmobile.com</td> <td>to keep login session</td> </tr> <tr> <td>lastActivityTime</td> <td>security.samsungmobile.com</td> <td>to save the user's last activity time to automatically logout after 30 minutes of inactivity</td> </tr> </tbody> </table> </div> <h4>Managing Cookies and Other Technologies</h4> <p class="cookies_cont_txt">You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at <a href="http://www.allaboutcookies.org" class="txt_link2" target="_blank">http://www.allaboutcookies.org</a>.</p> </div> </div> </div> <!-- //210504 - Cookies Layer Popup --> <!-- skipnav --> <div id="skipnav"> <a href="#gnb">Go straight to the menu</a> <a href="#home">Go straight to the text</a> </div> <!-- //skipnav --> <!-- wrap --> <div id="wrap"> <!-- header --> <header id="header_wrap"> <div id="header" class="main_header"> <div class="header_inner"> <div class="wrap_top"> <h1 class="logo"><a href="/./main.smsb"><strong>Samsung </strong>Mobile Security</a></h1> <!-- web --> <div class="gnb" id="gnb"> <!-- menu --> <ul class="menu"> <li><a href="/./workScope.smsb">Security Updates</a> <ul class="submenu"> <li><a href="/./workScope.smsb">Scope</a></li> <li><a href="/./securityUpdate.smsb">Firmware Updates</a></li> <li><a href="/./serviceWeb.smsb">Other Updates</a></li> </ul> </li> <li><a href="/./securityReporting.smsb">Security Reporting</a> <ul class="submenu"> <li><a href="/./securityReporting.smsb">Reporting</a></li> <li><a href="/./securityReportingProcess.smsb">Process</a></li> <li><a href="/./securityReportingRiskClassification.smsb">Severity Classification</a></li> </ul> </li> <li><a href="/./rewardsProgram.smsb">Rewards Program</a> <ul class="submenu"> <li><a href="/./rewardsProgram.smsb">How it works</a></li> <li><a href="/./hallOfFameInfo.smsb">Hall of Fame</a></li> </ul> </li> <li><a href="/./securityPost.smsb">Security Post</a></li> </ul> <!-- //menu --> <div class="toplink"> <span class="t_btn_login"><a href="javascript:goLogin();" title="Go to login">Login</a></span> <!-- Search --> <div class="wrap_search"> <a href="javascript:;" class="open_search">Search</a> <a href="javascript:;" class="close_search" style="display:none">Search Close</a> <div class="wrap_input" style="display:none"> <input id="androidUpdatesWebKey" name="androidUpdatesWebKey" type="text" placeholder="Enter the search word(ex. CVE, SVE.. )" title="search" style="height:100%;border:0px;"> <a href="javascript:androidUpdatesSearch('androidUpdatesWebKey')" class="btn_search">Search</a> </div> </div> <!-- //Search --> <!-- [D]login 후 개인화 메뉴 --> </div> </div> <!-- //web --> </div> <!-- mobile --> <div class="wrap_mobile_menu"> <div class="m_toplink"> <button type="button" class="m_btn_menu" title="Total Menu">Total Menu</button> <button type="button" class="m_btn_menu_close" title="Close the entire menu">Close the entire menu</button> </div> <div class="wrap_m_menu"> <!-- Search --> <div class="wrap_m_search"> <div class="wrap_input"> <input type="text" id="androidUpdatesMobileKey" name="androidUpdatesMobileKey" placeholder="Enter the search word(ex. CVE, SVE.. )" title="search" style="height:100%;border:0px;"> <a href="javascript:androidUpdatesSearch('androidUpdatesMobileKey')" class="btn_search">Search</a> </div> </div> <!-- //Search --> <ul class="m_main_menu"> <li><a href="/./workScope.smsb">Security Updates</a></li> <li><a href="/./securityReporting.smsb">Security Reporting</a></li> <li><a href="/./rewardsProgram.smsb">Rewards Program</a></li> <li><a href="/./securityPost.smsb">Security Post</a></li> </ul> <ul class="m_personal_menu"> <li><a href="javascript:goLogin();" title="Go to login">Login</a></li> <!-- [D]login 후 개인화 메뉴 --> </ul> </div> <div class="back_bg"></div> </div> <!-- //mobile --> </div> <div class="submenu_bar"></div> </div> </header> <!-- //header --> <!-- 각 개발된 화면 UI 입력되는 Part --> <script type="text/javascript"> document.title = 'Security Reporting | Samsung Mobile Security'; $(document).ready(function() { $(".menu > li").siblings("li:eq(0)").find("a").addClass("on"); var mrisk = ""; if(mrisk == "Y"){ var windowWidth = $( window ).width(); var pos = 180; if(windowWidth <1010){ pos = 0; } var offset = $("#highQuality").offset(); // alert(offset.top); $('html, body').animate({scrollTop : offset.top-pos}, 0); } }); function goForm(){ /* if( cookieAccept != 'Y' ) { alert('If you continue to submit report, please accept cookies form this site.'); return; } */ var url = '/securityReportingForm.smsr'; openPage(url); } function fnMove(){ var windowWidth = $( window ).width(); var pos = 60; if(windowWidth <1010){ pos = 0; } var offset = $("#moverisk").offset(); if(offset.top > 1000){ pos = 120; } // alert(offset.top); $('html, body').animate({scrollTop : offset.top-pos}, 0); } </script> <!-- container --> <div id="container"> <div class="sub_visual_rn"> <span class="svrn2"></span> <div class="breadcrumb_rn"> <div> <a href="/main.smsb" class="ico_home" title="Go to Home" id="home">Home</a><span class="ico_arw">&gt;</span><a href="/securityReporting.smsb">Security Reporting</a><span class="ico_arw">&gt;</span><em>Process</em> </div> </div> </div> <div class="page_tit"> <h2 class="page_tit_wht">Security Reporting</h2> </div> <div class="wrap_sub_menu"> <ul class="sub_menu"> <li><a href="/securityReporting.smsb"><span>Reporting</span></a></li> <li class="on"><span>Process</span></li> <li><a href="/securityReportingRiskClassification.smsb"><span>Severity Classification</span></a></li> </ul> </div> <!-- contents --> <div id="contents"> <div class="list_basic"> <div class="txt_section pt0"> <strong>Process</strong> <ul class="dep_ul"> <li>Our dedicated security analysts will work with you throughout the process from the point you submit a security vulnerability report through the ticketing system. Our priority is to make sure we address security issues as soon as possible while communicating with you and rewarding you as an appreciation.</li> <li>We encourage the reporting party to place the users&rsquo; interest first and follow the philosophy of <a href="/securityReporting.smsb#Responsible" class="txt_link">Responsible Disclosure</a>, which involves privately notifying us of any security vulnerabilities before disclosing them in public to allow us to resolve the vulnerabilities and minimize overall risk to users.</li> </ul> </div> <div class="txt_section"> <strong>How the process works</strong> <div class="process_ing"> <ul> <li><span class="icon_process01"></span>Report</li> <li><span class="icon_process02"></span>Analyze</li> <li><span class="icon_process03"></span>Patch</li> <li><span class="icon_process04"></span>Publish</li> <li><span class="icon_process05"></span>Reward</li> <li><span class="icon_process06"></span>Close</li> </ul> </div> <div class="dl_tb"> <dl> <dt><em>01.</em> Report</dt> <dd> <p class="dl_dd_tit">Submission of Vulnerability Report via Security Reporting Page of the ticketing system (<a href="javascript:goLogin();" title="Go to login" class="txt_link">Samsung Account required</a>)</p> <p>When we receive a report via Security Reporting in the ticketing system, the automatic reply email will be sent. If you don&rsquo;t receive any response email, please check if the report is correctly registered and make sure email from <a href="mailto:mobile.security@samsung.com" class="btn_reporting_guidelines_mail txt_link">mobile.security@samsung.com</a> is not flagged as junk email.</p> </dd> </dl> <dl> <dt><em>02.</em> Analyze</dt> <dd> <p class="dl_dd_tit">Internal Evaluation of Report and Severity Level based on Security Impact and Proof-of-Concept</p> <p>When a security analyst is assigned for the issue, the automatic reply email will be sent. Next, the analyst will start analyzing the issue and keep communicating with you to confirm the issue if necessary.</p> </dd> </dl> <dl> <dt><em>03.</em> Patch</dt> <dd> <p class="dl_dd_tit">Development of Relevant Security Patch and final decision of Severity Level</p> <p>When the analyst completes analysis, the Samsung&rsquo;s internal security team will decide severity from the analysis result on the basis of <a href="./securityReportingRiskClassification.smsb" class="txt_link">Samsung Mobile Security Risk Classification</a> as well as internal criteria, and let you know it by email.</p> <p>Also, the analyst will start working with the respective development team to prepare patches.</p> </dd> </dl> <dl> <dt><em>04.</em> Publish</dt> <dd> <p class="dl_dd_tit">Make vulnerabilities public through posting them on this site and assign CVE IDs</p> <p>Right after the patches start releasing, we publicly release the vulnerability information and acknowledge your contribution for helping us improve the security of Samsung devices and services. And we publish the CVE ID for the issue as necessary.</p> </dd> </dl> <dl> <dt><em>05.</em> Reward</dt> <dd> <p class="dl_dd_tit">If qualified, Rewards are paid through <a href="https://www.bugcrowd.com/" class="txt_link" target="_blank">Bugcrowd</a> (via payment processing)</p> <p>If the report is eligible for reward, we start the rewards process. To start this process, we notify you of rewards amount and request required information for payment processing. (You will be asked to provide your full name, country of residence and address, postal code, and phone number for rewards purpose.) And the information will be sent to Samsung&rsquo;s designated partner Bugcrowd who will then contact you to confirm the pay-out rewards and payment method.</p> </dd> </dl> <dl> <dt><em>06.</em> Close</dt> <dd> <p class="dl_dd_tit">Rewards payout is complete or the Report is Closed as [Duplicate/ No Security Impact/ Working as Intended/ AOSP / No information provided]</p> <p>When the process is completed, we will notify the you of closing the process.</p> </dd> </dl> </div> </div> </div> <!-- //contents --> </div> <!-- //container --> <!-- footer --> <footer id="footer"> <div class="in"> <div class="sitemap"> <p>SITE MAP</p> <ul> <li><a href="/workScope.smsb">Security Updates</a></li> <li><a href="/securityReporting.smsb">Security Reporting</a></li> <li><a href="/rewardsProgram.smsb">Rewards Program</a></li> <li><a href="/securityPost.smsb">Security Post</a></li> </ul> </div> <div class="site_link"> <div class="dropdown"><button type="button" class="dropbtn_none btn_footer_cookie" title="Cookie Policy">Cookie Policy</button></div> <div class="dropdown"> <button onclick="myFunction()" class="dropbtn" title="Privacy Policy">Privacy Policy</button> <div id="myDropdown" class="dropdown-content"> <a href="./privacy/global/privacy_notice.html" target="_blank" title="Global">Global</a> <a href="./privacy/us/privacy_notice_us.html" target="_blank" title="US">US</a> <a href="./privacy/eu/privacy_notice_eu.html" target="_blank" title="EU">EU</a> <a href="./privacy/latin/privacy_notice_latin.html" target="_blank" title="Latin America">Latin America</a> <a href="./privacy/korea/privacy_notice_korea.html" target="_blank" title="Korea">Korea</a> <a href="./privacy/brazil/privacy_notice_brazil.html" target="_blank" title="Brazil">Brazil</a> <a href="./privacy/turkey/privacy_notice_turkey.html" target="_blank" title="Turkey">Turkey</a> <a href="./privacy/vietnam/privacy_notice_vietnam.html" target="_blank" title="Vietnam">Vietnam</a> </div> </div> <div class="dropdown"><button type="button" onclick="location.href='http://www.samsung.com'" class="dropbtn_none" title="Samsung.com site new window">Samsung.com</button></div> </div> <button class="wtop" type="button" title="Move the screen to the top">Top</button> <span class="copy">Copyright© 2017 SAMSUNG All Rights Reserved.</span> </div> </footer> <!-- //footer --> </div> <!-- //wrap --> <form method="post" name="menuMoveForm" id="menuMoveForm" action="/myRequest.smsr" > <input type="hidden" id="timeZoneHour" name="timeZoneHour" value="0" title="timeZoneHour"> <input type="hidden" id="portalIssue" name="portalIssue" value="0" title="portalIssue"> <input type="hidden" id="draftId" name="draftId" value="0" title="draftId"> </form> <form method="post" name="androidUpdatesSearchForm" id="androidUpdatesSearchForm" action="/androidUpdatesSearch.smsb" > <input type="hidden" id="androidSearchText" name="androidSearchText" value="" title="timeZoneHour"> </form> </body> </html>