Uber launches bug bounty

News by Robert Abel

Uber launched a bug bounty program on Tuesday through HackerOne, offering to pay up to $10,000 (£7050) for "critical issues" such as a remote code execution vulnerability that could identify individual riders, according to the company's official bug bounty page.

"Significant issues" such as those that could deface a homepage or significantly damage the brand would net a researcher $5,000 (£3500), while "medium issues" like those that could limit rates will pay out $3,000 (£2100).

Uber has also assembled a bug hunter treasure map that lists various Uber domains and applications along with their functions to help researchers learn the systems, architecture and the types of vulnerabilities that could be lurking in there.  

The map also listed specific vulnerabilities that the company cares about, such as the ability to turn emails into user UUIDs (Universally Unique Identifiers) in bulk and an “enumeration of business sensitive information.”

