Uber launches bounty program for hackers to earn $10,000 exploiting its apps

Uber is offering a 'treasure map' for hackers to get started.
Written by Jake Smith, Contributor
Da qing - Imaginechina

Uber announced on Tuesday it's beginning a bounty program for "white hat hackers" in hopes of having independent researchers find exploits in its ride-hailing service.

The "bug bounty", a tactic used by several tech companies, will reward up to $10,000 as part of the bounty program that offers hackers a "treasure map" to help them get started in finding bugs.

As Motherboard points out, Uber has had a tough year security-wise. Its accounts have been sold on the black market for as little as 40 cents each.

"We're wrapping up a lot of information and posting that to level the playing field so that it could be as easy for outside researchers to find flaws as us," Collin Greene, manager of security engineering at Uber, said.

If a hacker or researcher finds five bugs within 90 days of Uber's "loyalty season," a bonus payout of 10 percent will be rewarded based on the average of the other payouts.

"That's a level of confidence that you have not seen too many closed-source software companies take in the past, and I'm really hopeful that others will follow suit," said Alex Rice, chief technology officer at HackerOne, which is managing Uber's bounty program.

Google is notorious for bug bounty programs, having just last week raised its Chrome bounty to $100,000.

Editorial standards