The airline’s “bug bounty” award program was started in May and is a first for a transportation company. The “bug Bounty” program used by United is not new and similar programs been used by websites and software developers for a number of years.
Individuals can receive compensation for reporting bugs, especially those that focus on vulnerabilities such as security or vulnerabilities that could be exploitive. The program allows developers to identify and resolve problems in their software before the public becomes aware of them.
Yes, the people receiving the bug bounties are hackers. Known as “white-hat” hackers, these hackers are the “good guys.” The original “bug bounty” program was the brainchild of Jarrett Ridlinghafer. He came up with the idea while working at Netscape Communications Corporation as a technical support Engineer.
United spokesman Luke Punzenberger said on Thursday that Jordan Wiens, founder of a security company in Florida called Vector 35, is one of two winners of the one million frequent-flier miles prize. Other hackers got smaller prizes. The one million mile prize is enough to cover a bunch of first-class trips to Asia, or up to 20 round-trips in the U.S. CNN News channel says the prize will cover going around the world five times.
Wiens told the ThreatPost security blog his submission was the first time he had ever submitted to a bug bounty program. “There were actually two bugs that I submitted that I was pretty sure were remote code execution, but I also thought they were lame and wasn’t sure if they were on parts of the infrastructure that qualified.” He added, “My expectation was that they counted, but I figured they’d award me 50,000 miles or something smaller.”
United Airlines says they reward the finding of “basic third-party issues affecting its systems with 50,000 miles, exploits that could jeopardize the confidentiality of customer information get 250,000 miles, and major flaws related to remote-code execution earn a maximum of 1,000,000 miles.”
