Uber To Reward Hackers In Bug Bounty Program


Uber has announced that it will be running a bug bounty program to reward hackers who find security flaws in company software.

Bug bounty programs reward hackers who find weaknesses in the security features of apps. Uber has been testing its platform for a year, and will now launch the program on the HackerOne bug bounty platform.

Uber joins Microsoft, Google and Facebook in bug bounty program

Instead of having hackers exploit the weaknesses in a system, bug bounty programs essentially make hackers work for a company by revealing points of entry. Many companies, including Microsoft, Google and Facebook, have similar programs.

Collin Greene, the man behind the Uber program, previously worked at Facebook with HackerOne CTO Alex Rice, setting up a similar scheme. However, Uber has built in some unique features.

The company is trying to be as transparent as possible when it comes to rules and payments. Some other programs have run into problems due to a lack of structure.

Payment structure clear and simple

Uber doesn’t want to enter into negotiations with hackers who find a bug. The company says that it will pay up to $10,000 to those who find a critical bug.

Those who find a steady stream of bugs will be rewarded under the terms of a loyalty program. “There is actually only a small pool [of qualified researchers] who can find bugs in these applications, a small percentage and you want to grab their attention and keep it,” Greene explained.

Uber is essentially gamifying bug finding in order to keep hackers interested. The loyalty program launches May 1 and will run for 90 days. Should a hacker find 4 bugs in that time period, they will be rewarded with a bonus when they report the fifth and any subsequent bugs.

The bonus is worth 10% of the average payout for the other bugs found in that time period. Uber is also offering a document known as “The Treasure Map” in order to give hackers a head start. The document offers tips on where to start looking for bugs.

“We look at code and think like hackers and find security vulnerabilities. [The participants] get our accumulated wisdom about the code base and the areas where bugs are most likely to be found,” Greene said.

Uber striving for more secure platform

Beta testing involved 200 hackers who worked to perfect the final program. HackerOne CTO Alex Rice says that he has never seen a company collect feedback in this way before launching a program.

“Uber started out like all HackerOne customers running a private pilot but their program was unique in that they put a special emphasis on collecting feedback from hackers on how to best structure their program to make it effective. From here, they worked with us at HackerOne to create features needed to run the loyalty program,” Rice told TechCrunch.

The aim is to eliminate weaknesses so that they become harder and harder to find. Payments will increase as the security flaws become more difficult to spot. Uber gets to improve the security of its software and hackers get paid for their efforts. It’s a win-win situation that stands to benefit both parties.

If you’ve got the requisite skills, you might be able to make a pretty penny finding security flaws in the Uber app.

About the Author

Brendan Byrne
