General Motors launched a vulnerability submission program earlier this week, promising not to sue researchers who submit their findings through the program website and follow its guidelines.
“We value the positive impact of your work and thank you in advance for your contribution,” the carmaker said on the HackerOne website, encouraging researchers to disclose information about security vulnerabilities in the company's products and services. “We want to hear from you.”
The guidelines listed on the site include not doing harm to GM customers or the company, providing details of the vulnerability and refraining from disclosing findings publicly only after GM confirmed that it had “completed remediation.”
The company teamed with HackerOne to create the program portal.
GM's initiative follows in the footsteps of Tesla, which created a similar program last June.