United launched a ‘bug bounty’ program where they will provide miles to the first person who identifies and submits a security vulnerability.
Rewards to the general public for identifying software glitches date to Netscape twenty years ago, and programs are common to companies like Google, Microsoft, and Yahoo.
United’s program is limited to security vulnerabilities, and merely identifying a vulnerability doesn’t guarantee a fix. (They aren’t going to reward anyone for telling them that their system errors out at purchase, or fails to properly reissue tickets.)
A bug bounty program permits independent researchers to discover and report issues that affect the confidentiality, integrity and/or availability of customer or company information and rewards them for being the first to discover a bug.
Be good, though — United provides fair warning that if your strategy for identifying these issues involves code injection on live systems, DDOS attacks, or testing on aircraft or inflight entertainment systems, you could go away for a very long time.
This is a brilliant move by United. The rewards are comparatively generous. And other airlines should copy this. (Believe it or not, United is an industry leader, and Delta should copy them..!)
is this for mistake fares?
ha no way i will participate in this. I know of a vulnerability that is worth way more than 1 milion miles. I am sure other hackers will do the same.
Good for you Ivan.
Let me guess: for vulnerabilities on Star Alliance partners they’ll be paying 2x to 3x?
If only Hilton offered this…
This is all PR baloney. It’s a response to the Chris Roberts incident…
As pointed out by The Register, this might be great PR for United, but isn’t likely to bring real experts to fix their website(s).
http://www.theregister.co.uk/2015/05/14/united_bug_bounty_program/
Basically, the pros work for cash, not funny money. In any case, considering how much it costs to fly partner F on an award, I’d have hoped for more miles. It feels like they’re going cheap (again, more for PR than to actually identify issues).
Wonder if someone does find the bug and gets the reward would they be taxed on it (since not given as a marketing/discount/promotion/rebate). Read somewhere that some contests/drawings where the prize is not money the taxes owed are not worth what the person owes the taxes owed on the suppose prize.