Report Vulnerability

How To Participate

All you have to do is, fill your personal details and log the security bug along with the required snapshots and documents in the Report Vulnerability Form.

Henceforth, our security team will evaluate your reported bug and we will get back to you if it passes the evaluation.

Welcoming your participation!

Secure communications:
- By using the contact form, the information you send us will be encrypted.
- Please do not post results on unrestricted 3rd party websites (e.g. public video link, paste bin, public cloud...)

Report Vulnerability

1. Fill out the following "Report_template.pdf" file
2. Encrypt the report file with PGP key
- PGP Key: https://security.samsungtv.com/PublicKey.txt
3. Send email to secbugbounty@samsung.com as the following:
- Subject: [Bugbounty] your title
- Attach the report file
Notice : We can not receive the report if the following conditions
- The report file is not encrypted
- The email subject is not started with "[Bugbounty]"
- (For Korean, 국내용) 취약점제보 파일 내 "동의" 표시 필요

Responsible Disclosure Policy

At Samsung, we take security and privacy issues very seriously, and we value the security research community with our commitment to address potential security vulnerabilities as quickly as possible.
The responsible disclosure of security vulnerabilities in Samsung products(as well as their or any various integrated services such as Bixby) helps us ensure the security and privacy of our end-consumers.
We ask our security research community to:
- Make every effort to avoid privacy violations, degradation of user experience, disruption to internal or external servers, and destruction of data or physical assets during security testing;
- Use reporting guidelines stated above to report details of potential vulnerabilities as complete as possible; and
- Keep information about the potential vulnerability discovered confidential between yourself and Samsung until we have remedy in place.
- Restrain from using any exploits or vulnerabilities for commercial or business purpose.
In return, we commit to:
- Work with you to understand and resolve the potential vulnerability quickly;
- Make our best effort to resolve security vulnerabilities, and release patches to end-consumers on schedule for security updates.