Programmer hits the jackpot with United bug bounty program

Jordan Wiens has become the first researcher to claim a huge miles bounty from United Airlines in return for reporting a remote-code execution flaw in its site.

Back in May, United Airlines began offering mile rewards for reporting bugs in its online systems. The move was largely a response to criticism the airline faced after it booted a researcher off one of its flights. The airline saw the boot as fit punishment after the researcher tweeted about an exploit he had found in the flight's onboard systems. The mile rewards are offered in tiers depending on the severity of the issue found and reported.

United said it will reward the finding of “basic third-party issues affecting its systems with 50,000 miles, exploits that could jeopardize the confidentiality of customer information get 250,000 miles, and major flaws related to remote-code execution earn a maximum of 1,000,000 miles.” Other companies have also been known to offer bounties in an attempt to dissuade savvy programmers from taking advantage of flaws and to encourage them to turn the flaws in for cash instead. The list includes heavyweight tech names like Google, Facebook, and Yahoo!.

It was the first time that Wiens had ever submitted to a bug bounty program, and he had no expectation of receiving the grand prize. “There were actually two bugs that I submitted that I was pretty sure were remote code execution, but I also thought they were lame and wasn’t sure if they were on parts of the infrastructure that qualified,” Wiens told the ThreatPost security blog. “My expectation was that they counted, but I figured they’d award me 50,000 miles or something smaller.” One can imagine his surprise when United Airlines contacted Wiens and told him to check his account, wherein he found many a vacation waiting for him.

While the gesture is certainly good publicity for United, it may also serve as bait for future researchers to submit reports in the hope of getting the grand prize. Best of luck to all the hackers out there.

Andre Revilla
Andre Revilla is an entrepreneur and writer from Austin, TX that has been working in and covering the consumer tech space for…