ZTE Corporation expands its Bug Bounty in partnership with YesWeHack

October 11, 2021

ZTE banner

YesWeHack is partnering with ZTE Corporation to confront new security challenges brought by the 5G network commercialization. Through its bug bounty platform, YesWeHack will invite over 30,000 global security researchers to secure ZTE’s products further and discover vulnerabilities typically missed in traditional security audits.

Cybersecurity is always a fundamental factor in the telecoms industry. It has become even more critical because the deployment of 5G sees an increase in the potential attack surfaces and threat landscape with the introduction of new technologies, techniques and capabilities. In addition, the ability of 5G to support massive IoT connectivity introduces many times more devices connected to the network, presenting a wide-reaching and increased attack surface.

Shenzhen headquartered ZTE Corporation is a major international telecommunications provider and builds mobile internet technology solutions for enterprises and consumers. The telecommunications giant has expanded its bug bounty program in partnership with YesWeHack, the first European crowdsourced security platform.

ZTE integrates its capabilities and expertise across handsets, mobile broadband, terminal chipset modules, and peripheral products to create a more intelligent 5G ecosystem. YesWeHack’s vast cybersecurity research community will help identify potential vulnerabilities in ZTE Products. This partnership highlights ZTE’s commitment to building a sound cybersecurity governance structure and creating an end-to-end security assurance mechanism for all product life cycle phases.

“Through openness and transparency, we try to give our customers confidence by letting them see what we do and how we provide end-to-end security,” said Zhong Hong, the Chief Security Officer at ZTE. “Our partnership with YesWeHack will help to enhance the security of ZTE’s products and confront new challenges brought by the 5G network commercialization,” he added.

This bug bounty program for ZTE products rewards up to €2000 for critical bugs in several product categories such as 5G Common Core, 5G NR, Fixed Network, Multimedia, Cloud Video, Cloud Computing, Database management Systems and Terminal products.

“We share ZTE’s commitment to providing their customers with secure and trustworthy products and services. The richness and diversity of the YesWeHack community offer the spectrum of skills required to cover the full range of perimeters, whether hardware or applications. Furthermore, as a significant player in the industry, ZTE is keenly aware of cybersecurity issues from the very beginning and continues to enhance its internal security governance by implementing security by design and security by default,” said Kevin Gallerin, APAC Managing Director, YesWeHack

Cybersecurity is one of the highest priorities of ZTE’s product development and delivery business units. As a result, ZTE has established a holistic cybersecurity governance structure underpinning the company’s development strategy.

Xu Ziyang, CEO of ZTE Corporation, highlighted the importance of intrinsic security in his keynote speech “Fuel the Digitalization, Endow with Intelligence”, delivered at Mobile World Congress 2021. “Intrinsic security acts as a self-sensing, self-adaptive, and self-evolving immune system for networks. Built during network construction, it offers multiple security functions and can evolve automatically during network operation, thus constantly guaranteeing the security, services, and data”, he said.

YesWeHack logo

About YesWeHack

Founded in 2015, YesWeHack is the #1 European Bug Bounty & VDP Platform. YesWeHack offers companies an innovative approach to cybersecurity with bug bounty (pay-per-vulnerability discovered), connecting tens of thousands cybersecurity experts (ethical hackers) across 170 countries with organizations to secure their exposed scopes and reporting vulnerabilities in their websites, mobile apps, infrastructure and connected devices. YesWeHack runs private and public programs for hundreds of organizations worldwide in compliance with the strictest European regulations.

In addition to the Bug Bounty platform, YesWeHack also offers support in creating a Vulnerability Disclosure Policy (VDP), a learning platform for ethical hackers called Dojo and a training platform for educational institutions, YesWeHackEDU. For more information: www.yeswehack.com

Media Contact: press@yeswehack.com

Want to discuss crowdsourced security with our experts?