ZTE has always been focusing on our information security, and receives full support and concern from industry peers and security specialists. To improve our information security level, to guarantee the interests of clients, employees and shareholders, and to show gratitude, ZTE now initiates Information Security Award Program for White Hats. Details see as below.
White Hats here in this program refer to
Those who are not ZTE employees, found security holes or risk of ZTE IT system, don’t spread or maliciously exploit of them, and report to ZTE in time.
or Those who are not ZTE employees, found clues on secret disclosure or secret stolen of ZTE, don’t spread or maliciously exploit of them, and report to ZTE in time.
Process of feedback
A. Submit: White Hats shall submit detailed and true information about security problem to firstname.lastname@example.org by PGP mail, if necessary please attached emergent contact, i.e. QQ, Skype, phone number.
B. Follow-up: ZTE PSIRT members will follow up the issues, and contact white hats for details when necessary.
C. Investigation and verification: ZTE PSIRT will investigate and verify problem and give feedback to the white hats.
D. Processing: ZTE PSIRT will organize members to process and fix up the security problems, feedback to the white hats after it’s completed. We hope white hats can help us to validate it.
E. Announcement: ZTE PSIRT will announce white hats’ scores at the end of each month and reward according to the scores.
Rules of Score and Award
A. Each hole is up to 10 points, and each clue up to 30 points. ZTE PSIRT will score according to its seriousness.
B. For the same reports, score will be given to the first reporter according to received time.
C. Holes or clues that had been publicized on internet will not be counted any score.
D. Holes being publicized before their fix-up, or clues being publicized before their processing totally will not be counted any score.
E. Holes and clues unrelated to ZTE will not be counted any score. But we will assist to forward and process.
F. Holes or clues unable to be verified will not be counted any score.
G. Award is only given to white hats who reported holes or clues.
H. White hats will be rewarded with ZTE brand cell-phone or other product, cash, the opportunity to visit ZTE, or Honor Certificate according to scores. True contact information is needed for getting rewards.
A. We will not reply or process unrelated issues. There is maybe a little response delay during Chinese festivals and holidays.
B. ZTE employees can’t be involved in this program. Otherwise, he/she will be treated for breaching disciplinary rules.
C. Anyone who reports dishonesty issues or exploits holes will be submitted to police.
D. We will initiate an Award Program for Reporting Product Security, and initiate more report methods in the future; we are looking forward to your continual attention.
E. ZTE PSIRT owns the final explanation right for Award Program for White Hats.
ZTE PSIRT will improve the process and scope of Award Program for White Hats. You are welcomed to communicate with us via email, with your suggestions headline beginning with [White Hats’ Suggestion]. We learned TSRC before the program’s building up, and therefore show our great gratitude to them.