More and more companies are implementing bug bounty programs.
Taxi service company Uber, which lets people hire a taxi at any time using an app on their phone, has officially launched its own bug bounty program. The company has decided to hire large numbers of white hat hackers to help with its cyber security. It announced on Tuesday that it was officially launching the program, which allows independent researchers to legally attempt to hack into Uber's servers and try to find any malware that could harm the company.
Many high-tech companies employ this method, seeing it as a way to have people find faults in their systems. Leading firms running such programs include Google, Apple, and Facebook, which is said to have paid around $936,000 to 210 researchers for the year 2015. Earlier this month, the US Defence Ministry started its own bug bounty program, though no financial rewards were available as yet. The ministry did, however, say it planned on making financial rewards available.
The announcement by the ride-sharing firm makes it the latest big tech firm to crowdsource its security upkeep. According to the rules of Uber’s bug bounty program, finding an exploit that could deface its homepage or expose clients’ data earns the hacker $5,000. One who finds a bug that could take over Uber accounts and run malicious code on an Uber production server would be in line to earn $10,000.
Uber has also implemented new ideas that other firms do not have. The firm, which is partnering with the bug bounty focused company HackerOne, introduced a loyalty program, which gives hackers bonuses for repeatedly finding flaws in the Uber system. Another feature it wants to add is the treasure map. This will act as a guide designed to lead the hunters towards potential flaws in the system. It maps out the company’s code, making the search easier and as efficient as possible for bug hunters.
The idea, according to Uber's head of product security, Collin Greene, is to create incentives that encourage researchers to stick with Uber alone rather than hop from firm to firm looking for easier bug bounty programs. The company wants the hackers to go deep into the Uber code so that the flaws there can also be discovered, and one way to achieve that is to have hackers dedicated to your system.
Uber says that it is not going to reveal anything in the treasure map that is not already public. Uber has paid hackers before who found problems in its apps and systems, so this is nothing new. The firm, however, is yet to extend the program to its automotive department. Other companies have started to do this, with Tesla Motors leading the way.