The ride-hailing app Uber is offering computer hackers up to US$10,000 to find security flaws in its software.
It says it has created a first-of-its-kind loyalty reward program designed to encourage members of the security community to “dig deep”, helping Uber to deal with even the most subtle bugs.
The first reward program season will begin on May 1 and last 90 days, with “bounty hunters” eligible for the reward program once they have found four issues that have been accepted by Uber as genuine bugs. If they find a fifth issue within the 90-day session, they will get an additional bonus payout.
“Even with a team of highly-qualified and well trained security experts, you need to be constantly on the look-out for ways to improve,” explained Joe Sullivan, the company’s Chief Security Officer. “This bug bounty programme will help ensure that our code is as secure as possible. And our unique loyalty scheme will encourage the security community to become experts when it comes to Uber.”
Uber has created a “treasure map” to show security researchers how to find the different classes of bugs across its codebase. It says it will publicly disclose and highlight the highest-quality submissions (with the permission of the researcher, of course) so everyone can see the best examples of the kinds of issues that get rewarded.