Earn up to $10K in Uber's bug bounty program

Ronny Kerr · March 22, 2016 · Short URL: https://vator.tv/n/442a

Following in the footsteps of tech giants like Facebook and Google, Uber hopes to attract white hats

When we discuss the challenges of building up a startup, one of the most often touted topics is that of “scale.” But usually when we talk about scale, the conversation focuses on how to scale up the company to meet the demand of a growing customer base and the expanding needs of those customers.

Less often highlighted is the need—in technology companies specifically—for developers and engineers to rapidly scale the product as more and more fresh engineers come on board, all while making sure the codebase remains efficient and free of bugs.

Of course, the faster and bigger you grow, the harder all that becomes. Enter: the bug bounty program.

Uber, not just the biggest ridesharing company in the world but also the most highly valued private company in the world, today announced the public launch of its bug bounty program, opening the floodgates for individual researchers to identify bugs in Uber's system.

For researchers who discover and report the most critical system issues and bugs, payouts will go up to $10,000.

Bug bounty programs are a widely accepted way for very large technology companies to broaden the scope in the endless search for bugs. The idea is that by offering rewards to “white hat” hackers, the companies can limit the number of vulnerabilities open for exploitation to “black hat” hackers, who would hack the systems with malicious intent or for personal gain.

Facebook, Google, Reddit, Square, and Yahoo! have all launched bug bounty programs.

“We believe that bug bounty programs are an important part of the modern software development lifecycle,” said John “Four” Flynn, Uber Chief Information Security Officer, in a prepared statement. “Our unique program combines healthy rewards, a loyalty program, and a ‘treasure map’ of information to incentivize our community to find even the most subtle bugs as we work together to protect users.”

This newly launched program from Uber is the next logical step in a private/beta bug bounty program initially launched by the company last year, which included over 200 security researchers.

But even in the last year, Uber has raised several billions of dollars to vastly expand its service both in the U.S. (with new offerings like food delivery service UberEATS) as well as across major markets around the world, including China and India. Though the company—currently headquartered in San Francisco with plans to move to Oakland—is likely hiring engineers as fast as it can, there are limitations to how many security holes a company can identify and resolve on its own.

We’ve reached out to Uber to confirm how many engineers currently work there now and to see if they have a sense of how many individuals will participate in their new bug bounty program. I’ll update when I hear back.


Related Companies, Investors, and Entrepreneurs




Uber is a ridesharing service headquartered in San Francisco, United States, which operates in multiple international cities. The company uses a smartphone application to arrange rides between riders and drivers.