Bug bounty programs are pretty common among tech firms: the likes of Facebook and Google (although notably not Apple) will offer you hundreds of thousands of dollars in order for exposing security flaws in their products. It’s a good system, and one United Airlines wants to use: just without offering cold, hard cash.
Instead, United is offering air miles as the reward for the fruits of your labor. Sure, you can’t feed a family, or pay your internet bill with United miles — but you can at least fly to Europe whilst losing all feeling in your feet! United is offering 50,000 miles (cash equivalent: about $1000) for small flaws, like cross-site scripting, 250,000 miles for authentication bypass, and a million miles if you can remotely execute code.
Notably, eligible bugs are limited to United’s customer-facing websites and apps: onboard Wi-Fi, avionics, and entertainment systems are off-limits. That’s not surprising, given United’s previous response to onboard hackers, but it does limit the program somewhat.
Although it’s good that United has a bug bounty system at all — they work well at preventing hacks from being used nefariously — it would be nice if United actually rewarded the work of security researchers with real money. Or, y’know, Virgin miles. [United via Wired]
Contact the author at firstname.lastname@example.org.