World News -Ride-hailing app Uber is offering hackers up to $10,000 to hack its system to uncover flaws, the company said on Tuesday.
Uber has released a “treasure map” of its software infrastructure, highlighting what each part does and the potential security vulnerabilities present.
The idea of asking friendly, so-called White Hat hackers to test your system for a reward is not new. Several companies including Facebook, which pays hackers at least $500 to trace bugs, and Google, which offers a maximum prize pot of $20,000, have these so-called “bug bounty” programs.
While, the idea has not always been a comfortable one for many organizations, Uber’s launch of its own prize program highlights the growing acceptance of the method amid an increasingly dangerous threat of hacking.
“Even with a team of highly-qualified and well trained security experts, you need to be constantly on the look-out for ways to improve,” Joe Sullivan, chief security officer at Uber, said in a blog post.
“This bug bounty program will help ensure that our code is as secure as possible.”
Uber will offer payouts of up to $10,000 for what it deems “critical issues”.
The first reward program season will begin on May 1 and last 90 days. Once a hacker finds a bug, they need to report it to Uber and wait for it to be verified as a genuine issue before they are paid.
If a hacker finds a fifth issue within the 90 day sessions they will get a bonus payout. This will be 10 percent of the average payouts for all the other issues found in that session. Uber also said that it will publicly disclose and highlight the highest-quality submissions.
Uber also revealed that it launched a private beta bug bounty program for over 200 security researchers last year and they found nearly 100 bugs, all of which were fixed.
by ARJUN KHARPAL, CNBC