Tesla bug bounty program offers rewards of up to $1,000
Bug bounty hunters can earn up to $1,000 from Tesla Motors for identifying and properly reporting vulnerabilities in the primary Tesla website and any host verified to be owned by Tesla, as well as its mobile applications.
Command injection vulnerabilities fetch the highest reward, but vertical privilege escalation bugs, SQL flaws and XSS bugs are among the vulnerabilities that also net big payouts, according to a listing on vulnerability reporting platform Bugcrowd that details the program.
As far as vehicles and products are concerned, vulnerabilities must be reported directly to Tesla and will be assessed on a case-by-case basis, the program description indicated.
Tesla said it will not take legal action against or ask law enforcement to investigate researchers so long as they comply with the guidelines for responsible disclosure, as laid out in the program description.