Uber launches bug bounty

News by Robert Abel

Uber launched a bug bounty program on Tuesday through HackerOne, offering to pay up to $10,000 (£7050) for "critical issues" such as a remote code execution vulnerability that could identify individual riders, according to the company's official bug bounty page.

"Significant issues" such as those that could deface a homepage or significantly damage the brand would net a researcher $5,000 (£3500), while "medium issues" like those that could limit rates will pay out $3,000 (£2100).

Uber has also assembled a bug hunter treasure map that lists various Uber domains and applications along with their functions to help researchers learn the systems, architecture and the types of vulnerabilities that could be lurking there.

The map also listed specific vulnerabilities that the company cares about, such as the ability to turn emails into user UUIDs (Universally Unique Identifiers) in bulk and an “enumeration of business sensitive information.”

