While so-called “bug bounties” are not new, we have probably seen/heard tech companies such as Facebook, Tesla, Google and Microsoft having them. Recently, Facebook Inc. awarded a researcher, Anand Prakash 15,000 USD (50.6 million UGX) after he disclosed a password flaw which allowed attackers to access accounts with a minimal effort and in 2013 Microsoft announced that it’s willing to pay up to 100,000 USD ( 337.5 million UGX) for information about security bugs that can be used to bypass the defenses of Windows, that was to start with Windows 8.1.
Last year Uber, the high-flying transportation firm, launched a private, beta bug bounty program for over 200 security researchers, who found nearly 100 bugs, all of which have been fixed, helping to improve security at the company.
The company on Tuesday, 22 March this year, announced their official “Bug Bounty Program” pay-outs that will pay independent security researchers over 10,000 USD (33.8 million UGX) in reward for finding hackable bugs in its apps and websites, starting May 1st which last for 90 days.
“We’ve also created a first of its kind loyalty reward program that is designed to encourage members of the security community to dig deep, helping Uber to deal with even the most subtle bugs.”
According to CS Monitor, Uber is far from the first company to launch such an effort and it has partnered with the independent firm HackerOne, which specializes in coordinating bug bounties programs.
According to Uber, bug bounty hunters will be eligible for the reward program once they have found four issues that have been accepted by Uber as genuine bugs and if they manage to find a fifth issue within the given 90 days, they will get an additional bonus pay-out. This will be equivalent to 10% of the average pay-outs for all the other issues found in that session.
“Even with a team of highly-qualified and well trained security experts, you need to be constantly on the look-out for ways to improve. This bug bounty program will help ensure that our code is as secure as possible. And our unique loyalty scheme will encourage the security community to become experts when it comes to Uber.” Said Joe Sullivan, Chief Security Officer.[related-posts]
Uber has created a “Treasure Map” that provides details that are ride-hailing company’s software infrastructure, identifies what sorts of data might be exposed inadvertently and suggests what types of flaws are the most likely to be found.
The company says it is only revealing information that is already public. The treasure map covers its websites and apps for drivers and riders, not other aspects of its technology, such as drivers’ cars.