No matter how hard a company works to ensure its product is secure, someone, somewhere can find a security flaw in it that leaves it wide open to hackers. For this reason, several organizations have sought the services of white-hat hackers to test for weaknesses in their networks and websites. Today, Uber joined that growing list of companies.
The ride-hailing company announced today that it has invited security researchers to “dig deep” to help the company identify and fix security flaws in exchange for up to $10,000 in compensation through its soon-to-launch HackerOne bug bounty program.
“Even with a team of highly qualified and well-trained security experts, you need to be constantly on the look-out for ways to improve,” Joe Sullivan, Chief Security Officer, said in a statement. “This bug bounty program will help ensure that our code is as secure as possible.”
Uber says HackerOne includes a “first of its kind” loyalty reward program designed to encourage more researchers to filter through the site in search of issues.
Here’s how the program works: starting May 1, researchers have 90 days to identify bugs in Uber’s system. They must find at least four bugs before they can be compensated.
Researchers who find a fifth bug will get a bonus that’s the equivalent of 10% of the average for the previous four bugs.
Flaws that are found will be classified into one of three categories: “medium” bugs will pay $3,000, “significant” bugs will pay out $5,000, and “critical” bugs will net up to $10,000.
To get things started, the ride-hailing company has created a “treasure map” guide to show researchers how to find different bugs.
The company plans to publicly announce and highlight quality submissions from the white-hat hackers.
“We believe that bug bounty programs are an important part of the modern software development lifecycle,” John Flynn, Uber Chief Information Security Officer, said in a statement. “Our unique program combines healthy rewards, a loyalty program, and a ‘treasure map’ of information to incentivize our community to find even the most subtle bugs as we work together to protect users.”
Uber said on Monday that the new program was created after the success of a private, beta bug program hosted last year.
“They found nearly 100 bugs — all of which have been fixed, helping to improve security at Uber,” the company said.
by Ashlee Kieler via Consumerist