Uber has announced it will offer rewards to hackers who manage to crack its system and uncover flaws.
While this practice seems totally crazy, it is common in the IT industry for a big company to propose rewards to “white hat” hackers who find a way to crack their systems and help eliminate security liabilities.
After all, any business that deals with personal data should do its best to keep security as tight as possible, but code is written by humans, and there is always room for error.
When making an app, a team of programmers might unintentionally leave a few security flaws. In fortunate cases, they get discovered by development or testing teams, while others are found by users and promptly reported and fixed.
However, as the Internet has shown to us time after time, there will always be some hacker skilled enough to surpass most security solutions, and who will find either a crack in the system’s protocols or a forgotten backdoor.
Uber has published a “treasure map” of its infrastructure and explained what each section of their network does to protect the system. They even showcased potential security vulnerabilities.
Any interested hacker must discover and report bugs or security issues, and then submit them to the company to be verified. If the items are validated as genuine, Uber will pay the hacker a small reward.
If the same person finds several bugs in the 90-day session, the fifth submission will be accompanied by a bonus payout. The respective payout will be 10% of the average payouts for all the other issues found in that 90-day session. The best submissions will be publicly disclosed and highlighted.
The first reward program from Uber will begin on May 1, 2016. As we mentioned above, it will last 90 days. The American company has good faith in its security, as they ran a private beta bug program last year that involved over 200 security researchers, and which found almost 100 bugs. All of these were fixed, CNBC reports. So, it will be interesting to see what the white-hat hackers will find.
After all, any business that deals with personal data should do its best to keep security as tight as possible, but code is written by humans, and there is always room for error.
When making an app, a team of programmers might unintentionally leave a few security flaws. In fortunate cases, they get discovered by development or testing teams, while others are found by users and promptly reported and fixed.
However, as the Internet has shown to us time after time, there will always be some hacker skilled enough to surpass most security solutions, and who will find either a crack in the system’s protocols or a forgotten backdoor.
Uber has published a “treasure map” of its infrastructure and explained what each section of their network does to protect the system. They even showcased potential security vulnerabilities.
Any interested hacker must discover and report bugs or security issues, and then submit them to the company to be verified. If the items are validated as genuine, Uber will pay the hacker a small reward.
If the same person finds several bugs in the 90-day session, the fifth submission will be accompanied by a bonus payout. The respective payout will be 10% of the average payouts for all the other issues found in that 90-day session. The best submissions will be publicly disclosed and highlighted.
The first reward program from Uber will begin on May 1, 2016. As we mentioned above, it will last 90 days. The American company has good faith in its security, as they ran a private beta bug program last year that involved over 200 security researchers, and which found almost 100 bugs. All of these were fixed, CNBC reports. So, it will be interesting to see what the white-hat hackers will find.