Scope of the Program
Our Bug Bounty reward program scope includes:
- Hardware / Software vulnerabilities on Samsung TV & Blu-ray Devices:
  - Samsung Smart TV, Smart Evolution Kit, Smart Blu-Ray Player, Smart Home Theater, Smart Media Player.
  - Models from 2014 to 2017 (e.g. H-series and above).
- Vulnerabilities on Samsung TV & Blu-ray Software:
  - Smart Hub and core components (e.g. Web browser, AllShare, Media Player, etc.).
  - Samsung TV & Blu-ray apps released by Samsung Electronics Co., Ltd. (e.g. Social TV, Media Hub, Camera).
- Vulnerabilities on Samsung TV & Blu-ray web infrastructures that directly support the operation of Smart TV and Blu-ray.
We are not rewarding:
- Non-security-related bugs.
- Vulnerabilities on all Systems / Devices / Apps / Websites not mentioned above.
- Vulnerabilities on websites providing commercial, informational or support-related content (even related to TV & Blu-ray).
- Vulnerabilities that have little or no impact (e.g. XSS that cannot lead to any exploit on a minor website).
- Security bugs in third-party applications.
- Security bugs in third-party websites integrated with Samsung.
Your activities during vulnerability research should not threaten or impact the Business / Services / Users of Samsung and our partners. By impact we mean affecting confidentiality, integrity or availability of an asset.
Please refrain from:
- Accessing third-party accounts or data (e.g. never compromise other people's accounts).
- Attempting Denial of Service attacks.
- Using Spam, Phishing or other Social Engineering techniques.
Additionally, all applicants should ensure that they understand and accept the responsible disclosure policy.
Hall Of Fame
Participants who contributed to identifying security issues in the scope defined above will be mentioned on our Hall of Fame page.
We will reward qualifying bugs depending on the maximum severity of the vulnerability and the priority of the target impacted.
- A vulnerability on a low priority server is likely to be rewarded $500, if in scope.
- A remote code execution vulnerability on a recent device may be rewarded $3,000+.
You understand that the final decision to reward and the amount of the reward are at our discretion.
We cannot reward you by giving any kind of device.