Uber, the high-flying transportation firm, is releasing a technical map of its computer and communications systems and inviting hackers to find weaknesses in exchange for cash bounties.
While so-called “bug bounties” are not new, Uber’s move shows how mainstream companies are increasingly relying on independent computer researchers to help them bolster their systems. It also indicates growing acceptance of the idea that making computer code public can make systems more secure, a philosophy that has long been advocated by the open-source software movement.
Uber’s “Treasure Map” details the ride-hailing company’s software infrastructure, identifies what sorts of data might be exposed inadvertently and suggests what types of flaws are the most likely to be found.
- Home Minister Rajnath Singh Assures Safety Of All Tourists Stranded On Havelock Island
- Government To Waive Service Tax On Debit, Credit Card Transactions Of Up To Rs 2,000
- President Pranab Mukherjee Criticises Parliament Disruptions Over Demonetisation
- Pakistan International Airlines Flight Carrying Over 40 Passenger On Board Crashes
- Shah Rukh Khan On Raees Clash With Kaabil: It’s Impossible To Have A Solo Release In India
- US-President Elect Donald Trump Named TIME’s Person Of The Year 2016
- O. Panneerselvam: 10 Things You Need To Know
- PM Narendra Modi Slams Opposition For Not Letting Parliament Function
- Nawazuddin Siddiqui On Working In Raees: Was Nervous To Shoot With Shah Rukh Khan
- Bathinda Dancer Murder: Video Showing Accused Opening Fire At Marriage
- 5 Lesser Known Facts About Sasikala Natarajan
- Congress Leader Shashi Tharoor’s Delhi Home Burgled: Here’s What Happened
- Reserve Bank Of India Keeps Repo Rate Unchanged Post Demonetisation
- Bigg Boss 10 Dec 06 Review: Swami Om Pees In Kitchen
- Lenovo k6 Power Video Review
“We’re wrapping up a lot of information and posting that to level the playing field so that it could be as easy for outside researchers to find flaws as us,” said Collin Greene, manager of security engineering at Uber.
Companies rarely say much about their proprietary programming, except to enable third parties to make compatible software.
“That’s a level of confidence that you have not seen too many closed-source software companies take in the past, and I’m really hopeful that others will follow suit,” said Alex Rice, chief technology officer at HackerOne, which is managing Uber’s bounty program.
HackerOne, a San Francisco rival called Bugcrowd and other startups have helped accelerate efforts to tap the independent security community to identify serious programming mistakes before criminals or spies do. They can serve as intermediaries between researchers and companies, and sometimes vet their findings.
A decade ago, hackers pointing out problems feared arrest but they can now earn modest sums from platforms like HackerOne. Firms such as Uber, looking to bolster their defenses, don’t pay as much as criminals and military contractors who are looking for tools to carry out offensive attacks, but they offer options to those who would prefer to act as “white hats.”
Bugcrowd Chief Executive Officer Casey Ellis said he has seen a surge in corporate clients asking for private bounty programs that are open to selected researchers.
“That increases the amount of trust you are giving to the researchers,” Ellis said. “We run trusted programs where people get prerelease versions of Internet of Things devices or access to source code.”