This was the first positive sensible thing I've heard about United.
Just went outside, still hot in Arizona, no pigs in sky. I'll check again later.
United Airlines has paid 1.5 million flight miles to two bug hunters who squelched 14 vulnerabilities under its newly hatched bug bounty program. Florida man Jordan Wiens reported two remote code execution bugs to the airline but could not detail the technical aspects given the program's non-disclosure agreement. The program …
"I've been rewarded 500,000 miles for a bug I found on May the 16th and I still have several bugs pending.
"Overall, I probably dedicated ~10 hours to their bug bounty program."
Umm, so now we've heard that several bugs, some major, can be found at United with only a few hours expended. Perhaps that is one of the 'facts' they should have embargoed?
>now we've heard that several bugs, some major, can be found at United with only a few hours expended. Perhaps that is one of the 'facts' they should have embargoed?
Nope. The point is to encourage people to find and report the bugs. If people think it's easy, they're more likely to have a go. The trick is to make the bounty worth more than selling the flaw. Lucky for United, even high-value mileage probably doesn't cost them much. Win-win.