Vulnerability Management

United Airlines bug bounty program pays in air miles

The friendly skies just got friendlier for vulnerability researchers, now that United Airlines has followed in the footsteps of Twitter, Facebook and others to offer a bug bounty of its own that will pay millions - in air miles, that is - rather than dollars.

United will award up to one million award miles to researchers who discover severe vulnerabilities, though they'll first have to be a member “in good standing” of United's MileagePlus program to claim their rewards. The airline noted that a bug must be a new discovery to be eligible and the reward will go to the first researcher who submits it. In addition, whoever discovers a bug can't reside in a country that appears on a U.S. sanctions list, nor can he or she be the author of the vulnerable code or an employee of the airline or its partners.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.