Effective Date: Nov 1st, 2018
V1.0 2018-8-15 Release the first edition
V1.1 2018-11-1 Supplement the description related to ownership
Welcome (the reporter of vulnerabilities, hereinafter referred to as the reporter) to use the OPPO Security Response Center platform service. This Agreement stipulates the rights and obligations of Guangdong OPPO Mobile Telecommunications Corp., Ltd. and its related enterprises (hereinafter referred to as "OPPO") and users who log in and use the OPPO Security Response Center (security.oppo.com, OSRC) (hereinafter referred to as "reporters") in terms of vulnerabilities collection and submission on the OSRC website. Please read this Agreement carefully before submitting vulnerabilities. The act of the reporter to use this platform to submit vulnerabilities indicates that the reporter has completely and accurately read and understood the contents of this Agreement, and is willing to be bound by the Agreement. OPPO reserves the right to modify and update this Agreement from time to time, and the reporter shall pay attention to the latest version hereof. If you have any objection to the modifications or you disagree with the rules published by OSRC, please stop using the service immediately.
This Agreement shall go into effect after the reporter clicks "agree".
1.1 To OPPO, the related enterprise refers to the particular party which is directly or indirectly owned or controlled by OPPO through contractual arrangement or by any other means, or owns or controls OPPO, or with which OPPO is under the same control by any other subject.
1.2 Confidential information refers to any exclusive and/or confidential information related to the scope of the Agreement which is disclosed by one party (“OPPO”) to the other party (“the reporter”) through any carrier in oral or written form.
2.1 The reporter shall keep secret for the confidential information and promise to treat all the confidential information disclosed by OPPO prudently at least to the extent how the reporter treats with and prevents his/her own confidential information from being disclosed externally, which shall not be lower than the reasonable extent. Without the prior written consent of OPPO, the reporter shall not disclose any such confidential information to any third party.
2.2 The reporter pledges to submit vulnerabilities with good intention, responsibility and a cooperative attitude. OPPO will respond as soon as possible after the submission. If such vulnerabilities indeed exist, OPPO will communicate with the reporter in time and confirm the progress of the vulnerabilities fixing. To ensure user security, the reporter shall pledge not to disclose relevant vulnerabilities-related information to any third party before such vulnerabilities are fixed.
2.3 If the reporter finds that the vulnerability may be exploited by other malicious attackers or is known by a third party that actually exists, the reporter shall notify OPPO of this situation first. OPPO will confirm whether there is an actual threat and decide whether and how to take preventive or repair measures based on the overall situation. Even if the above-mentioned actual threat exists indeed, the reporter will respect and trust the handling of the vulnerability by OPPO and agree to not disclose the vulnerability-related information to any third party.
2.4 In the process of discovering the vulnerability, if the reporter gets contact with data of OPPO or users and knows that such data is confidential, the reporter will not plagiarize, steal, change, use, or copy, carry, distribute, or leak such data by any means such as downloading and storing. Under no circumstances shall the ownership of OPPO on such data be transferred in any form.
2.5 The reporter undertakes that he/she will not use the discovered vulnerability to seek other benefits beyond the rating and rewards provided by this platform.
2.6 The reporter shall not, in any identity and in any way, make any public or nonpublic comments on the vulnerabilities and intelligence information involved in this Agreement. If you are unable to confirm whether certain information is confidential, you shall also protect it as confidential information.
III. Confidentiality Period
3.1 The obligation of the reporter to protect the confidential information under this Agreement cannot be removed until OPPO discloses the confidential information.
3.2 This Agreement shall remain effective for a long term from the day it comes into force.
IV. Restriction for Use
4.1 The reporter promises to use the confidential information only for the purpose of projects. The reporter is expressly prohibited from using the confidential information of OPPO for any other purposes other than projects.
4.2 At OPPO's written request at any time, the reporter shall: (1) return to OPPO all the confidential information of OPPO, all the documents or media containing such confidential information, and all the copies or abstracts of such information, or (2) destroy all the documents or media containing such confidential information, and all the copies or abstracts of such information, and provide OPPO with a written certificate of such destruction signed by an authorized representative of the reporter.
4.3 The reporter shall not carry out reverse engineering, decompilation or disassembling on any software disclosed to him/her, and shall not delete, overprint, or smear any copyright, trademark, logo, identification, marginal data or other ownership statement on any original or copy of the confidential information disclosed by OPPO.
4.4 The reporter shall not use the vulnerabilities and relevant information provided by the vulnerabilities and information of the OSRC website. To be concrete, you shall not engage in the following activities:
1) Enter into the computer information network or use the computer information network resources without permission;
2) Delete, modify or add computer information network functions without permission;
3) Delete, modify or add data and applications stored, processed in or transmitted into the computer information network without permission;
4) Deliberately make and spread destructive programs such as computer viruses;
5) Other behaviors that endanger the security of the computer information network.
If you violate the above-mentioned commitments OPPO will have the right to take such measures as cancelling your account. If OPPO suffers any losses due to your aforesaid behaviors, you shall compensate for that.
4.5 When using the OSRC website, the reporter shall abide by national and local laws and regulations, industry practices and social public ethics, and shall not use the OSRC website and its related services to store, release and disseminate the following information and content:
1) Any content (information) that violates national laws, regulations, and policies;
2) Political propaganda or news information in violation of state regulations;
3) Information concerning state secrets or security;
4) Feudal superstitious, obscene, pornographic and indecent information or information that instigates others to commit any crime;
5) Lottery with prizes and gambling games;
6) Information that violates national ethnic and religious policies;
7) Information that impedes the Internet security;
8) Information that infringes the lawful rights and interest of others or other information or content that is detrimental to social order, public security, and public morality;
You also promise not to provide any convenience to others for publishing the information (content) above that does not comply with the national regulations or the terms of this Agreement, including but not limited to setting URL links.
5.1 You understand and agree that the vulnerabilities you submitted on the OSRC platform whose existence is verified by OSRC will be subsequently handled by OSRC by default.
5.2 You understand and agree that the ownership and all the intellectual property rights of the vulnerability report submitted by you on the OSRC platform are owned by OPPO. Without the written consent of OPPO, you shall not use, disclose to any third party or allow such party to use the aforesaid vulnerability report and such intellectual property rights. If you violate this term, OPPO has right to recover all the rewards issued to you and hold you accountable by law.
5.3 This Agreement shall not be deemed as setting any obligation for any party to enter into any contractual arrangement of any kind in the future.
All the confidential information disclosed hereunder is provided "as it is", without any expressed, implied or otherwise warranties of any kind with respect to its accuracy or performance, fitness to any particular purpose, or non-infringement.
VII. Applicable Laws
7.1 The rights and obligations of both parties hereunder shall be governed by the laws of the People's Republic of China which have been promulgated and entered into force. OPPO reminds you to read it carefully and consider the risks by yourself. Minors shall read this Agreement in the company of a legal guardian.
7.2 If the parties fail to settle any dispute, divergence or claim arising from or in connection with the interpretation of this agreement or any of its terms (including any issues concerning the conclusion, existence, validity, performance, default or termination of this Agreement), such dispute, divergence, or claim shall be submitted to People's Court of Nanshan District of Shenzhen in the place where the contract is signed, and settled by lawsuit.
VIII. Bonus Conversion Instructions
8.1 The bonus will be transfered through a third party bank account.
8.2 At the time of settlement, we will convert the bonus into US dollars at the exchange rate of the day. Exchange rate reference: http://www.pbc.gov.cn/english/130437/index.html
8.3 To enable the bonus transfer, we need to collect from you the following information: Account Name,Bank Name,Account IBAN No,SWIFT.
8.4 We assure you the above personal information will only be used for bonus payment purpose.
IX. General Provisions
9.1 The parties agree that when one party violates or has the potential to violate the obligations of this Agreement while the other party does not receive sufficient legal remedies, the other party shall have the right to obtain appropriate equitable relief. If the reporter or the employee of the reporter violates the agreement and causes damage to OPPO, the reporter shall compensate for the loss of OPPO. In a litigation arising from the execution of this Agreement, the winning party shall have the right to require the other party to compensate for the reasonable counsel fees, arbitration fees and other related expenses that have been incurred.
9.2 You may not assign or otherwise transfer this Agreement and any rights granted under this Agreement.
9.3 This Agreement supersedes any prior discussions conducted or any written Agreement reached on the subject matter of this Agreement, and constitutes the entire Agreement between the parties with respect to the subject matter of this Agreement. Any waiver or modification to this Agreement shall be made in writing and shall be binding on both parties upon it's officially signed by the authorized representative of each party. Failure to exercise a right or delay in exercising a right shall not be deemed as a waiver of such right.
9.4 If a certain clause of this Agreement is considered as non-executable by a court or other court with jurisdiction, the other clauses of this Agreement shall remain in full force and effect.
OPPO Mobile Telecommunication Co., Ltd.