Electric car maker Tesla is offering up to $1,000 through its bug bounty programme for its website on the Bugcrowd platform.
The company will offer anything between $25 and $1,000 for each vulnerability, though it won’t be doing anything similar for it’s vehicles just yet.
The company has been congratulated by the security community for its willingness to work with the benevolent hackers. It set up its own, somewhat disorganised bug bounty program with a Hall of Fame, but it now wants a more formal process in place.
“We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible reporting process,” the blurb on Bugcrowd read.
Contributors can only report on tesla.com and must give Tesla “a reasonable time to correct the issue before making any information public”. There’s also a long list of what kinds of issues can’t be reported as well as smaller one for what can.
Anyone who believes they have found a problem in a Tesla vehicle should email email@example.com, rather than going to Bugcrowd, according to the firm. But there remains little information on how Tesla rewards anyone who finds a bug in its cars or other products, such as its recently-announced super-battery, or if they’re rewarded at all.
Most manufacturers apart from Tesla have been fighting anyone who wants to tinker with their car. Led by the Auto Alliance and General Motors, car makers have sought to maintain their right to make legal threats against anyone who tinkers with the code in their own vehicles, fighting proposed exemptions in the Digital Millennium Copyright Act.
Sources say Tesla is planning to open up a vehicle or its components at the Defcon hacker conference in August this year too, though it has denied those claims.
However Tesla moves forward with its security program, it is at least seeking to protect customer information on its site. One wonders whether that will help it prevent social engineering attacks such as the one that saw its Twitter feed and website just last month.