New Bug-Hunt Bounty: Frequent-Flyer Miles

Bug-bounty programs: They’re not just for software giants anymore.

United Airlines recently announced that it would pay out a million frequent-flyer miles to anyone who discovers a remote code execution bug in its websites, apps, other online properties, or third-party programs loaded by United.com.

Check out the latest QA jobs.

The airline is also willing to give a quarter-million frequent-flyer miles to anyone who discovers bugs that enable timing attacks, personally identifiable information (PII) disclosure, brute-force attacks, and authentication bypass. Those developers and bug-hunters who uncover vulnerabilities related to cross-site scripting, cross-site request forgery, and “third party” issues can earn 50,000 miles per bug.

In an interesting twist, United apparently isn’t willing to pay miles in exchange for discovering bugs in onboard Wi-Fi, entertainment systems, or avionics, probably because, in the case of avionics, it doesn’t like the idea of developers poking through code that helps planes actually stay in the air. It has also excluded bugs in internal sites (i.e., those that are not customer-facing) from consideration.

Google and other tech firms have long sponsored bug hunters, but they’re usually willing to shell out cold, hard cash in exchange for discovering vulnerabilities. Since 2010, for example, Google has paid out more than $4 million to around 200 security researchers; it also recently instituted “Vulnerability Research Grants,” which pay up-front awards to researchers before they even find a bug. But any developers and researchers interested in racking up airline miles now have a new venue for their skills.

Comments

One Response to “New Bug-Hunt Bounty: Frequent-Flyer Miles”

May 15, 2015 at 12:46 pm, Rob S said:

Gotta love this: “…Check out the latest QA jobs….”

And the title in the e-mail was “New Bug-Hunt Bounty: Frequent Filer Miles”
Notice that “Flier” is misspelled.
Apparently the article itself is (or was changed to) “New Bug-Hunt Bounty: Frequent-Flyer Miles” but the second line of the article is “would pay out a million frequent-flier miles”
Is it “flyer” or “flier”? It seems that it depends on how the company chooses to spell it since it’s a marketing word. The United website seems to like “Flyer”.

Do I get the QA job? 🙂
