Bug bounty programs are a great way for white-hat security researchers (hackers) to earn extra cash. The best programs incentivize finding security flaws with cold, hard cash. On the other end of the spectrum, some companies only offer swag in return for finding flaws. A new set of bounties from United Airlines falls squarely in the middle. The company is offering airline miles in return for hunting security flaws. These miles aren’t a measly upgrade from economy; you could earn some real travel time for uncovering a serious system flaw.
United is offering a scale of bounties. Uncovering low-level threats like third-party issues that affect United will earn you 50,000 miles per bug, but something as heavy duty as remotely executing code on United’s systems is worth twenty times as much, at 1,000,000 airline miles.
The most important point that United stresses is to not hunt for bugs using onboard Wi-Fi or avionics systems. Those bugs are not only ineligible for any reward, but they are incredibly dangerous. If a security flaw is found mid-flight, or involves actual aviation equipment, it would endanger the lives of passengers.
United is looking for researchers to find flaws involving its website and customer reservation systems, not flight equipment. Check out this site for all of the details on which bugs are allowed and prohibited.
VIA: TechCrunch