Uber has issued a fresh invitation for friendly hackers to find vulnerabilities in its computer systems.
To aid the so-called “white hat” hackers, Uber released a technical or “treasure” map of its computer and communications systems, and said it will pay out up to $10,000 (£7,075) for identifying critical flaws.
Uber has had a bug bounty scheme in place since last year, and said that over 200 security researchers are involved. So far, these researchers have located nearly 100 bugs, all of which have been patched.
The taxi firm said that it has also created a first-of-its-kind “loyalty reward program”, designed to encourage members of the security community to search for flaws.
“Even with a team of highly-qualified and well trained security experts, you need to be constantly on the look-out for ways to improve,” said Joe Sullivan, Uber’s Chief Security Officer. “This bug bounty program will help ensure that our code is as secure as possible. And our unique loyalty scheme will encourage the security community to become experts when it comes to Uber.”
And to give researchers every possible assistance, Uber created a “treasure map” to show security researchers how to find the different classes of bugs across its codebase. It promises to publicly disclose and highlight the highest-quality submissions (with permission from the hacker), and will give access to new features at the same time they are rolled out to Uber employees.
“We believe that bug bounty programs are an important part of the modern software development lifecycle,” said John Flynn, Uber Chief Information Security Officer. “Our unique program combines healthy rewards, a loyalty program, and a ‘treasure map’ of information to incentivize our community to find even the most subtle bugs as we work together to protect users.”
Uber’s bug bounty program indicates a level of confidence in its systems, but also a realisation that its corporate security can still be improved.
Yet Uber has not always been so secure.
Last October it suffered an embarrassing data breach after details of hundreds of its drivers were leaked online. Leaked data included social security numbers, pictures of driver licenses, and vehicle registration numbers. It was thought that as many as 647 drivers across the US had their details accidentally revealed by the taxi company.
And in March 2015, Uber admitted that it had waited five months to report a separate database breach that led to the theft of the names and licence numbers of about 50,000 drivers.
It was later revealed that the security key used to carry out this theft was stored in a publicly accessible repository on code hosting service GitHub.
Other incidents include Uber’s lost-and-found records being briefly published. Prior to that it emerged that an Uber executive had used the company’s tracking tools to monitor the movements of a journalist without her permission.