Uber launches bug bounty

Uber launched a bug bounty program on Tuesday through HackerOne, offering to pay up to $10,000 for "critical issues" such as a remote code execution vulnerability that could identify individual riders, according to the company's official bug bounty page.

"Significant issues," such as those that could deface a homepage or significantly damage the brand, would net a researcher $5,000, while "medium issues," like those that could limit rates, will pay out $3,000.

Uber has also assembled a bug hunter treasure map that lists various Uber domains and applications along with their functions to help researchers learn the systems, architecture and the types of vulnerabilities that could be lurking.  

The map also listed specific vulnerabilities that the company cares about, such as the ability to turn emails into user UUIDs (universally unique identifiers) in bulk and an “enumeration of business sensitive information.”
