So, what’s different in United Airlines new bug bounty?
Let’s see what United Airlines says about its bug bounty program:
"At United, we take your safety, security and privacy seriously. We utilize best practices and are confident that our systems are secure," said the company.
"We believe that this program will further bolster our security and allow us to continue to provide excellent service. If you think you have discovered a potential bug that affects our websites, apps, and online portals, please let us know. If the submission meets our requirements, we'll gladly reward you for your time and effort."
The classification of the bug bounty rewards:
- Low-severity bugs including cross-site scripting, cross-site request forgery and third-party issues affecting United are worth 50,000 air miles.
- Medium-severity flaw includes authentication bypass, denial-of-service attacks, brute-force attacks and security issues that could lead to the disclosure of personally identifiable information are worth 250,000 air miles per vulnerability.
- The top prize, a Million-mile payout, will be rewarded to researchers who will find high-severity vulnerabilities related to issues that would lead remote code execution on United's online properties.