Uber Speeds Up Security Efforts
This week Uber launched its official bug bounty program which rewards independent security researchers (also known as white hat hackers) for finding vulnerabilities in its systems. The company is offering $3000 for Medium Issues, $5000 for Significant Issues and $10,000 for Critical issues such as exposure of information that identifies individual Uber drivers or users, including their credit card numbers, bank account information, or driver’s license images. The Uber transportation network allows drivers and consumers with smartphones to arrange paid transportation through a mobile application, making information security vital to its operations.
As reported by Wired, Uber’s bug bounty program has already been operational in a private, beta version. As part of this previous program, the company has already paid hackers over a hundred bug bounties in the past year. Additionally, the company has been, “on a security hiring spree that includes experienced bug bounty managers: Both Greene and Uber chief security officer Joe Sullivan were hired from Facebook, where Greene formerly oversaw a bug bounty program that’s paid out millions of dollars.” The new bug bounty program also includes a loyalty component, rewarding hackers who have discovered more than one vulnerability over time.
Bug bounty programs are becoming increasingly popular and Uber’s move exhibits a trend towards tech companies embracing the white hat hacker community. Nurturing a relationship with freelance information security experts provides companies with an arsenal of talented researchers on the lookout for new bugs. Providing such incentives goes a long way to ensuring the continued security of technology assets and users.