US-based United Airlines announced this week a bug bounty programme initiative to enhance its information security. Under the guidelines of the new program, independent researchers who discover and report issues that "affect the confidentiality, integrity and/or availability of customer or company information" will be rewarded for being the first to report such bugs, the company writes on its website.
The catch, however, is that bounties for bug discovery and reporting are paid in United Airlines air miles and range from 50,000 miles for low severity bugs, like cross-site scripting (XSS), to one million for those rated "high" in severity, such as remote code execution (RCE).
Eligibility requirements, such as membership in the MileagePlus programme, and other bug discovery guidelines are also available on the United Airlines website.
Last month, a US watchdog warned that hackers could potentially destroy an airplane by compromising the on-board Wi-Fi, although this has been disputed by some experts.