skip to content
Log out

Session expired

BUG SUBMISSION PROGRAM GUIDELINES


Security Hall of Fame - Requirements and Guidelines

Your participation in Motorola Solutions Bug Submission Program is voluntary and you must first meet the following requirements to potentially qualify for the “Security Hall of Fame”. The Security Hall of Fame is where publicly recognize the efforts of security researchers to contribute to the security of Motorola Solutions services and domains.

The Program is offered at the discretion of Motorola Solutions and Motorola Solutions has the right to terminate or modify the Program rules, procedures, benefits or conditions of participation, in whole or in part, at any time, with or without notice.

Failure to follow these guidelines will result in immediate disqualification from the Bug Submission Program.

  • Adhere to our Responsible Disclosure Policy.

  • Adhere to our Responsible Disclosure Terms and Conditions.

  • Do not use automated scanners to scan the application.

  • Do not engage in testing that would negatively impact Motorola Solutions applications or customers.

  • Do not publicly disclose your findings in any way without Motorola Solutions prior written approval.

  • Understand the assessment of the risk, it’s impact, severity, and other factors are at Motorola Solutions security team’s discretion.

Submitting a Security Vulnerability

A security vulnerability is a condition in a system or a device that can be exploited to violate its intended behavior, relative to confidentiality, integrity or availability.

  • For independent researchers: You may submit a security vulnerability by email or phone:

    • Email: managed-security@motorolasolutions.com (Please encrypt sensitive information)

    • US Telephone: +1.866.343.5220

    • All Other Locations Telephone:  +1.302.444.9838

  • For Motorola customers: Please provide vulnerability inputs through your normal service support process as this program is NOT for our customers. This will reduce the time is takes to reach the proper team.

  • For Motorola Solutions employees: Please provide vulnerability inputs through the proper internal channels.

To help us better address your discovery, please include the following information:

  • Contact Information: Your name, telephone number and email address

  • Application / Product Impacted: Model number and software version, if available

  • Vulnerability: Provide a brief description of the vulnerability

  • Full Description: Provide a full description of the vulnerability including exploit and impact

  • Documentation: Identify steps required to reproduce the vulnerability and may include videos, screenshots, PoC

  • IDs Used for Testing: Email ID, User ID , Account ID

  • IP Address Used for Testing: Include address and any tools

  • Disclosure Details: Confirm you have not disclosed your findings to anyone other than Motorola Solutions. If not true, to whom were details disclosed to?

 

Expectations After Submission

Please allow up to five business days for an acknowledgment of your submission. This time will allow us to be sure your submission is forwarded to the our Security team for review. If, for any reason, you do not receive an acknowledgment, please contact us again to ensure your submission was received.

What’s in Scope?

Any Motorola Solutions services and product domains.

Out-of-Scope Vulnerabilities

Certain vulnerabilities are considered out of scope and may not qualify for our “Security Hall of Fame”. Known excluded vulnerabilities include:

  • Social Engineering techniques or Spam

  • Host header

  • Denial of Service (DOS)

  • Self-XSS

  • Login/Logout CSRF

  • Content spoofing without embedded links / HTML

  • Vulnerabilities which require jailbroken mobile device or outdated web browsers

  • Infrastructure vulnerabilities, including:

    • Certificates/TLS/SSL related issues

    • DNS issues (e.g., MX records, SPF records)

    • Server configuration issues (e.g., Open ports, TLS)

Rewards Terms

We will review and recognize submitted reports on a case by case basis for any researcher that contacts Motorola Solutions regarding vulnerabilities within our services and product domains. In aligning to our commitment to partnering with you, you may be eligible to the Hall of Fame recognition if:

  • You are the first person to submit a site or product vulnerability AND

  • That vulnerability is determined to be a valid security issue by Motorola Solutions security team AND

  • You have complied with Motorola Solutions Responsible Disclosure Policy and Security Hall of Fame Requirements and Guidelines.

  • Under no circumstances is Motorola Solutions obligated to pay researchers a bounty for any submission.