As the world of white hat hackers has proven, you don’t have to be a jerk just because you have mad skills with a computer. Hacktivists and white hats have already done life-changing work for companies, government agencies, and even law enforcement. Private corporations have often invited hackers to unveil flaws in their security networks, even with a cash reward for uncovering a new error, but ride-sharing app Uber is upping the stakes.
Not only is Uber offering a $10,000 reward, it’s providing hackers with the road map to do it.
“Even with a team of highly-qualified and well trained security experts, you need to be constantly on the look-out for ways to improve,” Joe Sullivan, chief security officer at Uber, said in a blog post. “This bug bounty program will help ensure that our code is as secure as possible.”
More than just an open call for people to go tearing apart their network, Uber has designed a full contest with start and end dates, submission guidelines, payout levels, and even incentives to keep going after initially discovering a bug. All discoveries must be unique and meet critical guidelines in order to be considered worthy of the reward. According to the company’s blog:
- The first reward program season will be begin on May 1 and it will last 90 days.
- Bounty hunters will be eligible for the reward program once they have found four issues that have been accepted by Uber as genuine bugs.
- If they find a fifth issue within the 90 day session, they will get an additional, bonus payout. This will be equivalent to 10% of the average payouts for all the other issues found in that session.
- The same rules will apply for any additional bugs reported within that 90 day session.
Just in case you’re wondering how likely it is to find an issue, Facebook, Google, and several other companies have long had similar contests and even on-going reward programs. In Uber’s case, this isn’t their first round of bug bounty rewards; a previous iteration of this type of contest was open to approximately 200 hackers who found almost one hundred serious threat issues.