For Hire: Uber Bounty Hunters
Typically, when most North Americans hear the term Bounty Hunter, images of a jacked up, sunglass wearing, blonde goliath come to mind. In terms of cyber security, it’s highly unlikely you’d ever see someone who fits that bill.
It recently has become a common practice for enterprises, to hire ethical hackers, also known as researchers or bounty hunters. Companies like Microsoft, Google and Facebook have all developed programs that request these researchers uncover any security flaws within their systems.
The latest company to put out a call to action for ethical hackers is Uber. The company has announced that after a year of Beta testing, they have released their bug bounty program hosted on the HackerOne platform. After the beta program, researchers found almost 100 bugs, Uber came to the conclusion to publicly announce this information. Payouts for the bug bounty program can pay up to $10,000 for critical issues. Outlined below is the Uber Bug Bounty Payout Range.
Uber is attempting to “gamify” this program with the addition of a treasure map and a loyalty reward program. The map permits researchers to get a head start, that will later provide valuable information about the best places to search for bugs and vulnerabilities within their systems. The loyalty reward program was implemented with the intention of researchers digging deeper into helping Uber deal with their subtlest bugs.
- May 1, 2016 is the start of the first program season that will last for 90 days.
- Researchers become eligible for the reward program after successfully identifying four issues that Uber determine as genuine bugs.
- If a fifth issue is found within the 90 days, they will gain an additional payout, equivalent to 10% of the average payouts for all other issues exposed with the session.
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.