United Airlines bug bounty shells out 1.8M miles for three flaws

United Airlines has paid 1.5 million flight miles to two bug hunters who squelched 14 vulnerabilities under its newly hatched bug bounty program. Florida man Jordan Wiens reported two remote code execution bugs to the airline but could not detail the technical aspects given the program's non-disclosure agreement. The program …

  1. cd

    This was the first positive sensible thing I've heard about United.

    Just went outside, still hot in Arizona, no pigs in sky. I'll check again later.

  2. chivo243 Silver badge
    Mushroom

    Great

    If only United doesn't lose the miles due to a bug!

  3. Notas Badoff
    WTF?

    And for the negative take on this...

    "I've been rewarded 500,000 miles for a bug I found on May the 16th and I still have several bugs pending.

    "Overall, I probably dedicated ~10 hours to their bug bounty program."

    Umm, so now we've heard that several bugs, some major, can be found at United with only a few hours expended. Perhaps that is one of the 'facts' they should have embargoed?

    1. P. Lee

      Re: And for the negative take on this...

      >now we've heard that several bugs, some major, can be found at United with only a few hours expended. Perhaps that is one of the 'facts' they should have embargoed?

      Nope. The point is to encourage people to find and report the bugs. If people think it's easy, they're more likely to have a go. The trick is to make the bounty worth more than selling the flaw. Lucky for United, even high-value mileage probably doesn't cost them much. Win-win.

    2. Voland's right hand Silver badge

      Re: And for the negative take on this...

      Depends who is expending them.

  4. RedneckMother
    Coat

    bets?

    Odds are, the bounty hunters are already on the "do not fly" list...

  5. Ol'Peculier
    Thumb Down

    Code share

    Has the writer ever flown with United (or any American carrier for that matter) because the first question I'd be asking is if they can be used on a code share with another airline?

  6. Anonymous Coward

    Unfortunately...

    ...there are probably hundreds of unfound security holes that hackers will eventually find and exploit.

  7. Efros

    We should

    Pressure the brewers to offer similar rewards for bug hunting their software. Second prize lifetime supply of chosen brew, first prize new liver.
