CHINA TOPIX

11/02/2024 03:36:29 pm

Make CT Your Homepage

Uber Launches Bug Bounty Program with $10,000 Reward

Uber bug bounty program encourages hackers to go deep on its codes both on its apps and websites.

(Photo : Getty Images) Uber bug bounty program encourages hackers to go deep on its codes both on its apps and websites.

Uber has launched a bug bounty program for independent security researchers to look for hackable bugs in its apps and websites.

The company promises a reward of $10,000 in exchange for data about critical security issues in its code. The move comes after Uber launched a private and beta bug bounty program in 2015 which was limited to 200 security researchers who found nearly 100 vulnerabilities, all of which have since been fixed.

Like Us on Facebook

The program has very specific examples of what qualifies for a reward, such as cross-site scripting (XSS), SQL injection, server-side remote code execution (RCE) and others. If a security researcher is able to find bugs, the company will pay $3,000 to $10,000 for issues for one of the items on its hit list.

Uber is the latest company that adopts the strategy of crowdsourcing the auditing of its code to shore it up against less compassionate hackers. However, Uber has levelled up their game compared to Google, Facebook and Microsoft with the help of bug-bounty-focused firm HackerOne. The company will offer loyalty system to the program, giving the researchers bonuses for repeated bug discoveries in Uber’s platform. It promised as well to give a “treasure map” for bug hunters, which is designed to guide them toward potential vulnerabilities in the site and make the bug hunting more efficient.

“Embarking on a new bug bounty program can be difficult; it takes time for security researchers to learn the systems, the architecture, and the types of vulnerabilities likely to be lurking. To help you with this quest, Uber’s engineering security team has assembled this treasure map of various services at Uber and tips for uncovering security issues,” said Matthew Bryant, Application Security Engineer at Uber.

It is worth noting that Uber’s bounty program is only for bugs found in its websites and apps for riders and drivers. The company might extend the programs to its actual cars.

The popular transportation firm also promised to publicize and highlight the highest-quality submissions, with the researcher's permission, so other researchers can learn by examples that earned the reward.

Real Time Analytics