Welcome All Bug Bounty Hunters
Last year we launched a private, beta bug bounty program for over 200 security researchers. They found nearly 100 bugs — all of which have been fixed, helping to improve security at Uber. So today we’re excited to announce our official bug bounty program. Payouts will go up to $10,000 for critical issues.
We’ve also created a first-of-its-kind loyalty reward program that is designed to encourage members of the security community to dig deep, helping Uber to deal with even the most subtle bugs.
- The first reward program season will begin on May 1 and will last 90 days.
- Bounty hunters will be eligible for the reward program once they have found four issues that have been accepted by Uber as genuine bugs.
- If they find a fifth issue within the 90-day session, they will get an additional, bonus payout. This will be equivalent to 10% of the average payouts for all the other issues found in that session.
- The same rules will apply for any additional bugs reported within that 90-day session.
Even with a team of highly qualified and well-trained security experts, you need to be constantly on the lookout for ways to improve. This bug bounty program will help ensure that our code is as secure as possible. And our unique loyalty scheme will encourage the security community to become experts when it comes to Uber.
– Joe Sullivan, Chief Security Officer
In addition, we’re focused on being as transparent as possible so that researchers have access to the right information, right from the start.
- Uber has created a treasure map guide to show security researchers how to find the different classes of bugs across our codebase. This will be regularly updated.
- We will publicly disclose and highlight the highest-quality submissions (with the permission of the researcher, of course) so everyone can see the best examples of the kinds of issues that get rewarded.
- Whenever feasible, we will provide researchers with access to new features at the same time that we’re rolling them out to Uber employees.
We believe that bug bounty programs are an important part of the modern software development lifecycle. Our unique program combines healthy rewards, a loyalty program, and a ‘treasure map’ of information to incentivize our community to find even the most subtle bugs as we work together to protect users.
– John “Four” Flynn, Uber Chief Information Security Officer
For more information about the program visit https://hackerone.com/uber