Welcome All Bug Bounty Hunters
Last year we launched a private, beta bug bounty program for over 200 security researchers. They found nearly 100 bugs — all of which have been fixed, helping to improve security at Uber. So today we’re excited to announce our official bug bounty program. Payouts will go up to $10,000 for critical issues.
We’ve also created a first of its kind loyalty reward program that is designed to encourage members of the security community to dig deep, helping Uber to deal with even the most subtle bugs.
- The first reward program season will be begin on May 1 and it will last 90 days.
- Bounty hunters will be eligible for the reward program once they have found four issues that have been accepted by Uber as genuine bugs.
- If they find a fifth issue within the 90 day session, they will get an additional, bonus payout. This will be equivalent to 10% of the average payouts for all the other issues found in that session.
- The same rules will apply for any additional bugs reported within that 90 day session.
Even with a team of highly-qualified and well trained security experts, you need to be constantly on the look-out for ways to improve. This bug bounty program will help ensure that our code is as secure as possible. And our unique loyalty scheme will encourage the security community to become experts when it comes to Uber.
– Joe Sullivan, Chief Security Officer
In addition, we’re focused on being as transparent as possible so that researchers have access to the right information, right from the start.
- Uber has created a treasure map guide to show security researchers how to find the different classes of bugs across our codebase. This will be regularly updated.
- We will publicly disclose and highlight the highest-quality submissions (with the permission of the researcher, of course) so everyone can see the best examples of the kinds of issues that get rewarded.
- Whenever feasible, we will provide researchers with access to new features at the same time that we’re rolling them out to Uber employees.
We believe that bug bounty programs are an important part of the modern software development lifecycle. Our unique program combines healthy rewards, a loyalty program, and a ‘treasure map’ of information to incentivize our community to find even the most subtle bugs as we work together to protect users.
– John “Four” Flynn, Uber Chief Information Security Officer
For more information about the program visit https://hackerone.com/uber
We are excited to surpass the 100th city mark by welcoming two Brazilian cities, Rio de Janeiro and Belo Horizonte, to the UberEATS family. From Atlanta to Warsaw, people have truly embraced this easy and reliable way to discover the food they love at the push of a button. Whether that’s an Indian inspired samosa, a good old-fashioned American burger or Vietnamese pho, people in 27 countries are using UberEATS to get a taste of the world’s flavors at the push of a button.
We’re excited to expand the Uber for Business platform beyond business travel, to include a world-class customer transportation solution, Uber Central. With Uber Central, organizations of all shapes and sizes can now easily provide on-demand, door-to-door transportation for their customers, clients, and guests.
A little over a year ago, we set out to put a new spin on an old classic–make reliable food delivery available at the tap of a button. Back then, we started by offering food in the UberEATS app from 1,000 pioneering restaurant partners in four cities. And today, more than 40,000 restaurants globally–from poke shops to pasta spots–are sharing food with customers through UberEATS. With a growing restaurant community comes more choices and more complexity. So we’re cooking up features to continue to make UberEATS easy and reliable. Here is a taste–