Uber launches bug bounty

Uber launched a bug bounty program that will pay up to $10,000 for discovery of a critical issue.

Uber launched a bug bounty program on Tuesday through HackerOne, offering to pay up to $10,000 for "critical issues" such as a remote code execution vulnerability that could identify individual riders, according to the company's official bug bounty page.

"Significant issues," such as those that could deface a homepage or significantly damage the brand, would net a researcher $5,000, while "medium issues," like those that could limit rates, will pay out $3,000.

Uber has also assembled a bug hunter treasure map that lists various Uber domains and applications along with their functions to help researchers learn the systems, architecture and the types of vulnerabilities that could be lurking.

The map also listed specific vulnerabilities that the company cares about, such as the ability to turn emails into user UUIDs (Universally Unique Identifiers) in bulk and an “enumeration of business sensitive information.”
