airmiles....
A HA HHA HAH HAH AH AHA HAHAH HAH
P.
United Airlines is starting a bug bounty program aimed at finding flaws and errors in its web portals – but the rewards it's offering aren't payable in money, but in air miles. "At United, we take your safety, security and privacy seriously. We utilize best practices and are confident that our systems are secure," the company …
Actually united ones are semi-useful. You can book something with them even during peak periods. I use them regularly for flights to Euirope in mid-winter when the prices go through the roof because of the skiers.
Try that with BA or Iberia - there is zero availability during time you actually need them and nearly zero availability to book more than 2 people on a flight at a time.
It is not a useful "reward" for a bug bounty though.
@Voland's right hand
As long as they aren't magically lost or no longer valid for any myriad of reasons, merger with this group, rewards program restructuring, etc.
I wouldn't do work for United just on principle alone, so airmiles would be a real big middle finger to me.
United is a no-fly zone for this old coot!
50000 is probably good for a one way upgrade to long haul business class. I don't know the specifics of UA, but on BA 250000 will get you to Hong Kong and back in first (I've actually done that). Finding seats can be hard, but when you do, you're paying in miles for something that can cost upwards of £4000.
Anon. As someone who's done quite a bit of travel in premium cabins, where someone else has effectively paid for the miles (not to mention me being a mileage geek), I reckon that puts me in the official Twat Club.
Just by using the term "mileage geek" puts you into the Twat Club... Also because I assume you are one of that ass-hats that book "disposable, point-beyond" tickets so that people that are actually going to the end destination are waiting on your dumb ass because the airline is nice and is waiting for you to make on the plane, but because you don't show up, we end up being delayed for half an hour for no reason.
It's only worth £4000 if you were planning on spending £4000 for that flight but didn't have to because you had air miles. If you would never consider doing such a thing, then the value to you is lower than the retail price.
Bug bounties don't pay much per hour worked. In 2014 in Facebook's bug bounty program, the top 5 countries were India, Egypt, USA, UK and Philippines, in that order. Now tell me, how many Indians want to save on their business class travel?
https://www.facebook.com/notes/facebook-bug-bounty/2014-highlights-bounties-get-better-than-ever/1026610350686524
"It's only worth £4000 if you were planning on spending £4000 for that flight but didn't have to because you had air miles. If you would never consider doing such a thing, then the value to you is lower than the retail price."
And I'll say to you what I've said to everyone else who employed that little argument. Bollards! I prefer to think of it as £4000-50000 pay rise (less the cost of an economy ticket, but plus the cost of the first day of the stay) plus a good night's sleep and plenty of premium booze*.
* Though I regard the JW Blue as overrated.
Airmiles? Ok... They say they take this stuff seriously and it's important and they're confident that they are secure. Given the bounty, a few people will jump on it. Probaly not the experts. Maybe someone just trying to make a name for themselves will. In about a year or less, United will report something like: "see.. no bugs were found...we're great" due to a lack of bug reports. Then the blackhats who have been quietly working in the background and have taken the challenge for nefarious purposes will rip them a new one.
The land of the free home of the braid will place you on the no-fly list for looking foreign, for not looking foreign enough or for having some un'merican consonants in your name. Owning up to hacking airline web sites in order to win air miles appears to be an oxymoron.
I'm curious how you can win this without also being exposed to some eager cops. So you go off, and poke around united.com. How hard do you poke before you break the law? View Source is going to be fine, but you aren't gonna find anything that way. In fact to trigger the interesting airmile bonuses you are going to have to do things like enter fake data and see if it comes back to you (to trigger, e.g. an XSS exploit). Wouldn't that get you both the airmiles and a one-way trip to jail?