United Airlines recently rewarded Jordan Weins for hacking its website and discovering two bugs. Wiens is not allowed to disclose the details regarding the bugs he found, but he claims he found a remote execution bug that could allow an attacker to remotely inject a program with code to get it to run.
Reward programs benefit hackers and internet users
United Airlines is one of the many companies to offer a rewards program for hackers who discover problematic bugs on their website. The bug bounty program was launched two months ago, and it rewards anyone who has a submission which meets the set requirements. Other companies with cash reward programs for bug bounty hunters include Facebook, Yahoo and Google.
The airline added on its website, “We believe that this program will further bolster our security and allow us to continue to provide excellent service.” The company declined to comment further on the matter.
Critics are concerned with bug bounty programs
Not everyone approves of bug bounty programs similar to the program offered by United Airlines. Some critics believe such programs keep companies from hiring security teams for websites. According to security consultant Dr. Jessica Barber, programs encouraging hackers to find and disclose system bugs make the internet more secure for all. She added that it offers an incentive for would-be hackers.
Weins’ reward is quite significant, as 1 million free miles is the equivalent of about eight first class tickets to European destinations or 40 domestic flights first class. Weins already knows the first trip he will take with his family: Hawaii. He even told Fox News in Tampa Bay that he may splurge on a premium cabin for his flight.
Not surprisingly, Weins thinks United Airlines’ bug bounty program is a great idea and commends the company for its ongoing program.