Bug bounty programs are big business these days, with researchers often seeing rewards of thousands of dollars for finding bugs in software and security systems. Today yet another company joins the fold: Uber has announced that it is officially launching a “bug bounty” program that will pay independent security researchers thousands of dollars in rewards for finding hackable bugs in its apps and websites.
Uber wants to pay researchers up to $5,000 for finding a minor bug that could deface the company’s homepage or expose users’ email addresses, and up to $10,000 for more serious and critical bugs that could let attackers fully take over Uber accounts or run malicious code on an Uber production server.
According to Uber, the main reason behind the move to open a public bug bounty program is the company’s own private program, which turned up over 100 bugs, all of which Uber has said have been fixed. This time the company is going a step further by offering hackers and security researchers not only more money but also a new bug bounty “loyalty system” that gives bonuses for repeated bug discoveries. It has also created a “treasure map” for bug bounty hunters, designed to guide them toward potential vulnerabilities in the site by mapping out the company’s code to make bug hunting as efficient as possible.
"Even with a team of highly qualified and well trained security experts, you need to be constantly on the look-out for ways to improve," Uber's Chief Security Officer Joe Sullivan said in a statement. "This bug bounty program will help ensure that our code is as secure as possible. And our unique loyalty scheme will encourage the security community to become experts when it comes to Uber."
For more information about the program, visit https://hackerone.com/uber.