Thursday, 24 March 2016

Uber announces bug bounty program


Uber is calling on independent computer researchers and experts to find weaknesses in its system as the transportation firm is set to release its technical map.

As Uber jumps onto the bug bounty bandwagon -- a philosophy that has long been advocated by the open-source software movement -- it details its software infrastructure to the public, identifies what sorts of data might be exposed inadvertently and suggests what types of flaws are the most likely to be found.

While bug bounties are not a new idea, companies rarely divulge information about their proprietary programming, except to enable third parties to make compatible software.

"That’s a level of confidence that you have not seen too many closed-source software companies take in the past, and I’m really hopeful that others will follow suit," said Alex Rice, chief technology officer at HackerOne, which is managing Uber’s bounty program. The rewards are up to $10,000.

HackerOne, an intermediary between researchers and companies, is only one among many startups that help accelerate efforts to tap the independent security community to identify serious programming mistakes before cyber criminals attack.

Casey Ellis, CEO of HackerOne rival Bugcrowd, said that he has also seen a surge in corporate clients asking for private bounty programs.

This shows that the industry has moved into an era where hackers who point out problems no longer fear arrest and can even earn modest sums through platforms like HackerOne and Bugcrowd, acting as "white hats".

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Photo credit: NatBasil / Shutterstock


