'Don't Extort Us': Uber Clarifies its Bug Bounty Policy

Updated parameters should help avoid future extortion incidents.



Uber this week outlined more specific guidlelines for its bug bounty program in the wake of its 2016 data breach that demonstrated gaping holes in its vulnerability disclosure policy.

The ride-sharing company last fall revealed that it had paid two hackers $100,000 to destroy driver and rider data they had stolen from a cloud storage location, and that it had failed to disclose the breach for a year. Since then, the company has been working on retooling its bug bounty program to encourage proper disclosure.

The new policy states, in part: "Don't extort us. You should never illegally or in bad faith leverage the existence of a vulnerability or access to sensitive or confidential information, such as making extortionate demands or ransom requests or trying to shake us down. In other words, if you find a vulnerability, report it to us with no conditions attached."

Read more here.

 

 

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2021 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service