Uber has issued a fresh invite for friendly hackers to find vulnerabilities in its computer system.
To aid the so-called “white hat” hackers, Uber released a technical or “treasure” map of its computer and communications systems, and said it will pay out up to $10,000 (£7,075) for identifying critical flaws.
Uber has had a bug bounty scheme in place since last year, and said that over 200 security researchers are involved. So far, these researchers have located nearly 100 bugs, all of which have been patched.
The taxi firm said that it has also created a first-of-its-kind “loyalty reward program”, designed to encourage members of the security community to search for flaws.
“Even with a team of highly-qualified and well trained security experts, you need to be constantly on the look-out for ways to improve,” said Joe Sullivan, Uber’s Chief Security Officer. “This bug bounty program will help ensure that our code is as secure as possible. And our unique loyalty scheme will encourage the security community to become experts when it comes to Uber.”
And to give researchers every possible assistance, Uber created a “treasure map” to show security researchers how to find the different classes of bugs across its codebase. It promises to publicly disclose and highlight the highest-quality submissions (with permission from the hacker), and will give access to new features at the same time they are rolled out to Uber employees.
“We believe that bug bounty programs are an important part of the modern software development lifecycle,” said John Flynn, Uber Chief Information Security Officer. “Our unique program combines healthy rewards, a loyalty program, and a ‘treasure map’ of information to incentivize our community to find even the most subtle bugs as we work together to protect users.”
Uber’s bug bounty program indicates a level of confidence in its systems, but also a realisation that its corporate security can still be improved.
Yet Uber has not always been so secure.
Last October it suffered an embarrassing data breach after details of hundreds of its drivers were leaked online. Leaked data included social security numbers, pictures of driver licenses, and vehicle registration numbers. It was thought that as many as 647 drivers across the US had their details accidentally revealed by the taxi company.
And in March 2015, Uber admitted that it had waited five months to report a separate data breach, in which a database was compromised and the names and licence numbers of about 50,000 drivers were stolen.
It was later revealed that the security key used to carry out this theft was stored in a publicly accessible repository on code hosting service GitHub.
Other incidents include Uber’s lost-and-found records being briefly published. Prior to that it emerged that an Uber executive had used the company’s tracking tools to monitor the movements of a journalist without her permission.