The friendly skies just got friendlier for vulnerability researchers, now that United Airlines has followed in the footsteps of Twitter, Facebook and others to offer a bug bounty of its own that will pay millions - in air miles, that is - rather than dollars.

United will award up to one million award miles to researchers who discover severe vulnerabilities, though they'll first have to be a member “in good standing” of United's MileagePlus program to claim their rewards. The airline noted that a bug must be a new discovery to be eligible and the reward will go to the first researcher who submits it. In addition, whoever discovers a bug can't reside in a country that appears on a U.S. sanctions list, nor can he or she be the author of the vulnerable code or an employee of the airline or its partners.