If you want to make some money from catching bugs and are sick of pentesting Facebook, Google, and Microsoft’s products, Uber may be your new favorite playground that it’s officially launching a “bug bounty” program that will pay independent security researchers thousands of dollars in rewards for finding hackable bugs in its apps and websites.
It’s hard to remember what life was like before Uber. While there has been a bevy of documented violence related to the ride-hail company, it has done plenty of useful things for society, like help decrease DUIs by 10 percent in Seattle. The taxi service also gifted us with an amazing twerking video and the exciting news that it plans to expand into helicopter territory. Now Uber wants to pay you $10,000 to hack into its app, The Verge reports.
“We believe that bug bounty programs are an important part of the modern software development lifecycle,” writes Uber chief information security officer John Flynn in the official statement. According to Uber’s page on the HackerOne website, the vulnerabilities the company is looking for are those that potentially damage the security of its users.
The first reward program season will begin on May 1 and last 90 days. Once a hacker finds a bug, they need to report it to Uber and wait for it to be verified as a genuine issue before they are paid, reports nbc.
If a hacker finds a fifth issue within the 90 day sessions they will get a bonus payout. This will be 10 percent of the average payouts for all the other issues found in that session. Uber also said that it will publicly disclose and highlight the highest-quality submissions.