Tesla bug bounty program offers rewards of up to $1,000


Bug bounty hunters can earn up to $1,000 from Tesla Motors for identifying and properly reporting vulnerabilities in the primary Tesla website and any host verified to be owned by Tesla, as well as its mobile applications.

Command injection vulnerabilities fetch the highest reward, but vertical privilege escalation bugs, SQL flaws and XSS bugs are among the vulnerabilities that also net big payouts, according to a listing on vulnerability reporting platform Bugcrowd that details the program.

As far as vehicles and products are concerned, vulnerabilities must be reported directly to Tesla and will be assessed on a case-by-case basis, the program description indicated.

Tesla said it will not take legal action against or ask law enforcement to investigate researchers so long as they comply with the guidelines for responsible disclosure, as laid out in the program description.
