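On January 30, 2014, Lenovo Group acquired Motorola's mobile phone business.
Starting April 1, 2017, Lenovo SRC will also accept vulnerabilities related to Motorola's mobile phone business. In-scope domains include *.motorola.com, *.motorola.com.cn and motorola-global-portal.custhelp.com. Vulnerabilities are reviewed and scored essentially in accordance with the "Lenovo Vulnerability Scoring and Reward Standard V3.0".
Special note: the following vulnerability types are not accepted for Motorola's mobile phone business: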
The following finding types are specifically excluded from the bounty:
Descriptive error messages (e.g. Stack Traces, application or server errors).
HTTP 404 codes/pages or other HTTP non-200 codes/pages.
Fingerprinting / banner disclosure on common/public services.
Disclosure of known public files or directories (e.g. robots.txt).
Clickjacking and issues only exploitable through clickjacking.
CSRF on forms that are available to anonymous users (e.g. the contact form).
Logout Cross-Site Request Forgery (logout CSRF).
Presence of application or web browser ‘autocomplete’ or ‘save password’ functionality.
Lack of Secure/HttpOnly flags on non-sensitive cookies.
Lack of Security Speedbump when leaving the site.
Weak Captcha / Captcha Bypass
Login or Forgot Password page brute force and account lockout not enforced.
OPTIONS HTTP method enabled
Username / email enumeration
  via Login Page error message
  via Forgot Password error message
Missing HTTP security headers, specifically (https://www.owasp.org/index.php/List_of_useful_HTTP_headers), e.g.
  Strict-Transport-Security
  X-Frame-Options
  X-XSS-Protection
  X-Content-Type-Options
  Content-Security-Policy, X-Content-Security-Policy, X-WebKit-CSP
  Content-Security-Policy-Report-Only
SSL Issues, e.g.
  SSL Attacks such as BEAST, BREACH, Renegotiation attack
  SSL Forward secrecy not enabled
  SSL weak / insecure cipher suites