Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
'Don't Extort Us': Uber Clarifies its Bug Bounty Policy
Updated parameters should help avoid future extortion incidents.
1 Min Read
Uber this week outlined more specific guidlelines for its bug bounty program in the wake of its 2016 data breach that demonstrated gaping holes in its vulnerability disclosure policy.
The ride-sharing company last fall revealed that it had paid two hackers $100,000 to destroy driver and rider data they had stolen from a cloud storage location, and that it had failed to disclose the breach for a year. Since then, the company has been working on retooling its bug bounty program to encourage proper disclosure.
The new policy states, in part: "Don't extort us. You should never illegally or in bad faith leverage the existence of a vulnerability or access to sensitive or confidential information, such as making extortionate demands or ransom requests or trying to shake us down. In other words, if you find a vulnerability, report it to us with no conditions attached."
Read more here.
About the Author
You May Also Like
More Insights
Webinars
The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024
Events
