NEWS
NEWS
NEWS
Come fly with me: United offers FF points in new bug bounty program
United Airlines, Inc. has launched a new bug bounty program that rewards those who find security flaws with frequent flyer points.
According to reports, the new program provides the points in return for those who report flaws on United’s website and mobile app; not surprisingly though the program excludes finding flaws with onboard Wi-Fi, entertainment systems or avionics.
“At United, we take your safety, security and privacy seriously. We utilize best practices and are confident that our systems are secure. We are committed to protecting our customers’ privacy and the personal data we receive from them, which is why we are offering a bug bounty program — the first of its kind within the airline industry” United says in a statement on their website.
“We believe that this program will further bolster our security and allow us to continue to provide excellent service. If you think you have discovered a potential bug that affects our websites, apps and/or online portals, please let us know. If the submission meets our requirements, we’ll gladly reward you for your time and effort.”
To participate, researchers or the naturally curious must be a MileagePlus member (United’s frequent flyer program) of good standing, and can not be an employee of United Airlines, any Star Alliance member airline or any other partner airline, or live in a household with someone that does.
Naturally the airline adds “the researcher submitting the bug must not be the author of the vulnerable code.”
Rewards range from 50,000 points for low-level bugs such as cross-site scripting, 250,000 points for mid-level issues including vulnerability to brute force attacks, authentication bypasses and the ability to access private information, through to 1 million points for vulnerability to remote code execution.
How well the program will be received by those in the security field is yet to be seen; while the likes of Google and Facebook Inc. offer cash rewards for finding bugs, there might be a some out there who are keen United flyers.
Details of how to submit a bug under the program are available on United’s Bug Bounty site.
Image credit: aero_icarus/Flickr/CC by 2.0
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
