United Airlines has joined the slew of major companies that will offer rewards to determined computer engineers and coders who might find flaws in its security systems. United will be giving away miles as a reward for finding exploits in its systems.
While there are a number of specific requirements, United will reward those who find basic third-party issues affecting its systems with 50,000 miles; exploits that could jeopardize the confidentiality of customer information get 250,000 miles; and major flaws related to remote code execution earn a maximum of 1,000,000 miles.
Just in the last five years, Facebook, Google, and Microsoft have all offered financial rewards for finding bugs and turning them in. The backdoors and other valuable system information uncovered through hacking can help companies make their systems better. From browsers to social networks, these companies have realized it is likely wiser to harness the skills of these individuals (and often would-be hackers) than to attempt to corner and arrest them. Things don’t typically go so well when companies attack those who were only trying to help point out system flaws.
In mid-April of this year, pro hacker (ahem…security expert) Chris Roberts found himself in a holding room being questioned by FBI agents for four hours. All this because he made a joke regarding the security flaws in the communications systems of the plane he was on. United Airlines barred him from continuing to his final destination and banned him from flying on its airline. Roberts was on his way to attend two security conferences.
His thoughts on the matter said it best, “I’m a researcher, that’s what I do, I don’t go out to harm or hurt, why pick on researchers? If not us, then who will find flaws?” It’s unknown if his United Airlines flight ban has been lifted.
Of course, the airline will not be rewarding brute force attacks, DoS attacks, or any investigations by researchers into its internal sites, onboard systems, or issues that only affect unsupported browsers or legacy systems.