Attention white-hat hackers: Uber would like you to hack its platform, and the company is willing to pay for your assistance.
On Tuesday morning, the ride-hailing service officially launched a bug bounty program, offering cash awards to security researchers who report vulnerabilities in the Uber platform. Bounties start at $3,000, for "medium issues," and can go as high as $10,000 for "critical" flaws.
Uber's bug bounty program will be run in partnership with HackerOne, a San Francisco startup that connects white-hat hackers with tech companies. HackerOne hackers — there were about 1,500 on the platform as of last year — alert companies to vulnerabilities before they're exploited. The bugs get fixed and the hackers get paid, with HackerOne typically taking a 20% commission.
Uber is by no means the first tech company to implement this kind of program. Google began paying bounties for bugs back in 2010. And HackerOne, which launched in 2011, has also worked with companies like Facebook, Twitter, and Square. That said, Uber's program -- which has been in beta for the past year -- is a bit different: It features a loyalty system that awards bonuses to security researchers who discover multiple vulnerabilities in its platform.
Brendan Klinkenberg is a tech reporter for BuzzFeed News and is based in San Francisco.
Contact Brendan Klinkenberg at firstname.lastname@example.org.
Got a confidential tip? Submit it here.