Ride-sharing service Uber is now offering up to $10,000 to white hat hackers who are willing to find flaws in the company's apps and websites.
Uber has announced that it will hold a so-called "bug bounty" beginning May 1, giving researchers 90 days to detect flaws in Uber's system. The company will work with San Francisco-based startup HackerOne, which runs bug bounties for big names in the tech industry.
"We believe that bug bounty programs are an important part of the modern software development lifecycle," writes Uber chief information security officer John Flynn in the official statement regarding Uber's bug bounty program.
According to Uber's page on the HackerOne website, the vulnerabilities the company is looking for are those that could damage the security of its users. Identified vulnerabilities that affect only a low percentage of usage will have their rewards determined accordingly, Uber notes.
Uber also says reported vulnerabilities that could be regarded as "best practice suggestions" will not receive rewards, nor will those that the company does not consider to be severe enough to be addressed.
Uber will pay $10,000 for vulnerabilities considered critical issues, $5,000 for significant issues and $3,000 for medium issues.
Security researchers who can find more than four bugs will receive a bonus payout equivalent to 10 percent of the average rewards for the previous four bugs, with Uber stating that this bonus should encourage experts to keep searching for vulnerabilities.
Uber will release a technical map for its computer and communications systems, which the company refers to as a "treasure map," as an invitation to hackers to participate in the bug bounty. The map reveals details regarding the software and infrastructure of Uber, the type of data that could be compromised and the kinds of flaws that are likely to be discovered.
Bug bounties are nothing new, as other companies have often turned to independent computer experts to help them in discovering vulnerabilities in their systems. One such company is Google, which earlier in the month began offering a $100,000 reward for anybody who can develop a reliable hack into a Chromebook while the laptop is in guest mode.