Uber is offering a $10,000 bounty for security bugs
NEW YORK (March 23, 2016) — Uber is giving its “bug bounty” program two shots in the arm.
The ride-sharing company announced a new program that will pay hackers a whopping $10,000 for each critical problem they find with the app’s code. They will also give $5,000 to hackers who flag significant issues, and $3,000 for “medium” issues.
Many tech companies offer similar programs to hackers who help find cybersecurity vulnerabilities in their systems. But Uber’s new offer is particularly lucrative. AT&T bounties range from $100 to $5,000 bug bounty, while Google pays from $100 to $20,000.
Uber also said it is creating a loyalty reward program for hackers to help Uber deal with “subtle bugs.”
Here’s how it works: Beginning on May 1, hackers will have a 90-day window to find four issues that Uber accepts as genuine.
Uber will then issue an additional payout if the hacker finds a fifth bug within those 90 days — a payment that’s equal to 10% of the average payouts for all other issues found during the time frame.