US airline United has rewarded two hackers who spotted security holes in its website with a million free flight miles each. The flight provider operates a “bug bounty” scheme that rewards hackers for privately disclosing security flaws rather than sharing them online.
It has given the maximum reward of a million flight miles, worth dozens of trips, to two people.
One security expert said the scheme was a big step forward for online security.
“Schemes like this reward hackers for finding and disclosing problems in the right way. That makes the internet safer for all of us,” said security consultant Dr Jessica Barker.
“Bug bounties are common in tech companies as they tend to understand online security a bit more, but other industries are catching up,” said Dr Barker.
The idea of responsible disclosure, reporting issues and giving companies time to fix them, is not new. Big technology companies such as Yahoo, Google and Facebook offer hackers cash incentives to report bugs privately.
In return for receiving their flight rewards, hackers are forbidden from revealing the nature of the security holes they discovered.
“We believe that this program will further bolster our security and allow us to continue to provide excellent service,” United said on its website.
“It’s not always about hackers digging around looking for flaws. A hacker may be using a service and notice something a bit off,” said Dr Barker. “We all benefit if they look into that,” she added.