Dive Brief:
- Uber announced Tuesday that it will conduct a bug bounty program starting in May, offering up to $10,000 to anyone that can find a major security flaw in its system.
- Beginning on May 1, security researchers will have 90 days to identify bugs in Uber's system. Those who find four or more bugs will get a bonus, which the company said should encourage hackers to keep searching.
- In its announcement, Uber included a "treasure map" to help researchers navigate the company's code with tips for uncovering security issues.
Dive Insight:
Several large U.S. businesses have used bug bounty programs to help find holes in their network security before hackers do. Earlier this month, the Pentagon even joined in, saying it plans to invite hackers to test the cybersecurity of some public U.S. Department of Defense websites.
The contest will include three levels of bugs and each of which will pay an escalating bounty, said Uber.
Uber has had several security breaches over the last few years, but the new contest is not in response to any specific incident, the company said. The bug bounty program is a descendent of a private "beta" hackathon last year which identified more than 100 bugs.
"You want to stack the odds in your favor," Colinn Greene, a member of Uber's security team, told The Verge.