The software in the program includes the likes of Samsung Pay and Bixby, but is not limited to separate Samsung apps. However, Samsung's rules require that the security hole must only be found in Samsung devices, not Android in general. In addition it must be accessed without physical connection.
To get a reward you need to be hacking the latest software version of the device or the app. Naturally Samsung also requires that the hacker will not publish any information about the issue until Samsung has had time to address and possibly fix the issue.
Unfortunately not every security problem unveiled is going to net you the top dollar. Depending on the severity level of the vulnerability Samsung rewards $200 to $200,000 to the first person responsible for finding the security threat.