Uber, an innovative technology platform for taxi services, says it’s ready to pay $10,000 to any bug hunter who is able to find flaws in its popular app.
The tech company says the bug hunter programme hopes to improve its security from being exploited and make it less vulnerable to cyber attacks.
Uber launched a similar programme last year where over 200 security researchers found nearly 100 bugs, which the taxi services app provider said “were all fixed.”
According to Uber, the first reward season, which will last for 90 days will begin on May 1. The bounty hunters will be rewarded as soon as they have found four issues accepted by Uber as genuine bugs.
Any additional bug found within the 90 day session will attract additional bonus payment which will be 10% of the average payout for all other issues found in that session.
Joe Sullivan, Chief Security Officer at Uber says “even with a team of highly-qualified and well trained security experts, you need to be constantly on the look-out for ways to improve. This bug bounty program will help ensure that our code is as secure as possible. And our unique loyalty scheme will encourage the security community to become experts when it comes to Uber.’’
For researchers to have access to the right information right from the start, Uber says it has created a ‘treasure map’ guide which will be regularly updated to show the security researchers how to find the different classes of bugs across its codebase.
John Flynn, Uber Chief Information Security Officer says that, “we believe that bug bounty programs are an important part of the modern software development life cycle. Our unique program combines healthy rewards, a loyalty program, and a ‘treasure map’ of information to incentivize our community to find even the most subtle bugs as we work together to protect users.’’