Incident Response, Network Security, Patch/Configuration Management, TDR, Vulnerability Management

United Airlines pays researcher bug bounty of 1M air miles

Security researcher Jordan Wiens will be flying after submitting a security flaw to the United Airlines bug bounty program, launched in May, and receiving one million air miles as a reward.

Wiens discovered a remote code execution (RCE) flaw in May, according to ZDNet, that If left unchecked could allow an attacker to have unauthenticated access to entry systems to inject malware and other disruptive applications. The airline verified the vulnerability and Wiens received his prize roughly two months later.

The United program offers rewards for security flaws which impact the “confidentiality, integrity and/or availability of customer or company information” of client-facing websites and third-party sites used by the airline. Depending on the severity of the flaw, bounty hunters can earn between 50,000 and 1,000,000 miles for each vulnerability they discover.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.