United Airlines Rolls Out Bug Bounty Program

Earlier in the year, 10k frequent flier accounts were hacked. United is trying to make up for this by leveraging the expertise of the broader community of software engineers. To be clear, this program is not related to any of the third-party customer-facing web properties or apps.

From Infosecurity Magazine:

In the wake of a high-profile frequent flier account hack, United Airlines has rolled out a bug bounty program, promising airline miles for vulnerabilities. A lot of miles too: up to 1 million for a remote code execution flaw.

United said that it’s looking for issues that affect the confidentiality, integrity and/or availability of customer or company information. The eligible list includes: Authentication bypass; bugs on customer-facing websites, the United app or third-party programs loaded by united.com or its other online properties; cross-site request forgery (CSRF) and cross-site scripting (XSS); potential for information disclosure; remote code execution; timing attacks that prove the existence of a private repository, user or reservation; and the ability to brute-force reservations, MileagePlus numbers, PINs or passwords.

 

I'm an eternal optimist, follow a Buddhist philosophy, geek of many areas, entrepreneur, learning the Chinese language, a die-hard sports fan, love politics and nuclear submarines.

Latest posts by Andy (see all)

One thought on “United Airlines Rolls Out Bug Bounty Program”

  1. What other industries have implemented bug bounties? It seems that they are very confident that this will prevent rather than encourage additional breaches. I do not know about anyone else, but this is very concerning.
