United Airlines' bug bounty program to pay in air miles

News by Ava Fedorov

US-based United Airlines announced this week a bug bounty programme initiative to enhance its information security. Under the guidelines of the new program, independent researchers who discover and report issues that "affect the confidentiality, integrity and/or availability of customer or company information" will be rewarded for being the first to report such bugs, the company writes on its website.

The catch, however, is that bounties for bug discovery and reporting are paid in United Airlines air miles and range from 50,000 miles for low severity bugs, like cross-site scripting (XSS), to one million for those rated "high" in severity, such as remote code execution (RCE).

Eligibility requirements, such as membership in the MileagePlus programme, and other bug discovery guidelines are also available on the United Airlines website.

Last month, a US watchdog warned that hackers could potentially destroy an airplane by compromising the on-board Wi-Fi, although this has been disputed by some experts.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews