United Airlines Pays Out Million-Mile Bug Bounty
Want to fly around the world for free? One incident locked the airline out of its reservations system, preventing customers from checking in, and another zapped functionality of the software United needed to dispatch its flight plan. With a million miles, they could fly from the continental United States to Europe 33 times. That means he could fly to Europe another eight times.
United has rewarded the technology experts with a million free flight miles each under its “bug bounty” scheme. Facebook, Twitter and Dropbox offer hundreds of dollars to hackers who alert them to security problems on their sites.
United began its program just weeks before the airline’s entire fleet was grounded due to software glitches.
Jordan Wiens, a researcher focused on cyber vulnerabilities, tweeted last week that he received United’s top reward of 1 million miles for exposing a flaw that could have allowed hackers to seize control of one of the airline’s websites. The second was an “information disclosure”, or a data leak.
The program rewards security researchers in miles for finding flaws in United Airlines’ software.
Chris Petersen, CTO and co-founder of LogRhythm Inc., a security intelligence company, said bug bounties are growing in popularity, as companies race to shut all the backdoors into their systems before the black-hat hackers find them.
Wiens said it was normal for large companies such as United to have bugs in their websites. His day job, after all, is doing almost the same thing as a consultant.
By the next night, he had found a major vulnerability.
But reporting those bugs doesn’t mean United has a poor online security system, Wiens said. In fact, Wiens says, running a program like this attests to the airline’s diligence and progressive view on crowd-sourcing cybersecurity.
The awards were made under a security program that United started in May. The bounty rules prohibit recipients from disclosing their findings.
“I hope it continues”, he added. They also urge most if not all companies to have internal programs that continuously check systems for intrusions.
But that’s not because Wiens needs more airline miles.