So, United Airlines didn’t hesitate to give away 1 million miles to two people who have successfully found security holes in the airline’s computer systems.
Unlike technology companies, bug bounties in the transportation industry are quite rare.
A pair of hackers who spotted security flaws in the United Airlines website have each been given a million free flight miles as part of the company’s bounty program, which rewards those hackers that privately disclose security issues rather than leaking them online.
United spokesman Luke Punzenberger, confirming the news, said on Thursday that two people have received the maximum award of 1 million miles each and other winners received smaller awards.
Trade group Airlines for America said in a statement that all U.S. carriers conduct tests to make sure their systems are secure. That’s equivalent to flying from the U.S. to Europe 33 times.
United, the second-largest airline in the United States, began the program just weeks before software glitches grounded the airline’s fleet twice.
Facebook, for example, asks hackers for “reasonable time” before going public with their findings.
“That’d be a once in a lifetime opportunity”, he said in an interview with the Washington Post.
On its website, United explained that the program would “bolster our security and allow us to continue to provide excellent service”.
Wiens said he never planned on entering United’s contest.
Individuals can receive compensation for reporting bugs, especially security vulnerabilities or flaws that could be exploited. The fact that the airline runs a contest to detect these problems means more companies are getting realistic about the advantages of crowdsourcing cybersecurity, he said.
Chris Petersen, chief technology officer and co-founder of LogRhythm Inc., a Boulder, Colorado-based security intelligence company, said bug bounties are growing in popularity, as companies race to shut all the backdoors into their systems before the black-hat hackers find them. They also urge most if not all companies to have internal programs that continuously check systems for intrusions.