Like To Find Bugs? Like To Travel? Here's How You Can Do Both!

If you are good at hunting down bugs, you could earn travel miles from United Airlines. In fact, if you are the first to find a particular remote code execution bug, you could earn 1,000,000 miles! copyrightjoestrazzere

The program was implemented in May, and so far two testers have each found 1,000,000-mile bugs.

Jordon Wiens, a software security researcher in Florida was one. The bug he found would have allowed an attacker to execute code remotely on one of United’s systems. In addition to the remote code execution bug, Jordan found another that earned him 250,000 additional travel miles. Should he choose to do so, he can now travel from the United States to Europe about forty-one times, courtesy of United and his bug-hunting skills.

United won't reward you for finding bugs in their onboard Wi-Fi, entertainment systems or avionics. But they do offer miles to testers who find a variety of bugs on United-operated, customer-facing websites such as united.com, beta.united.com, mobile.united.com, mystatus.united.com, smartphone.continental.com as well as bugs on the United app, and other United properties.

The severity of the bug determines the reward:

Bug Bounty payout structure

Severity	Examples	Maximum payout in award miles
High	Remote code execution	1,000,000
Medium	Authentication bypass Brute-force attacks Potential for personally identifiable information (PII) disclosure Timing attacks	250,000
Low	Cross-site scripting Cross-site request forgery Third-party security bugs that affect United	50,000

So if you like to travel, read and follow the United Airlines Bug Bounty instructions, roll up your sleeves, and find some bugs. If you are skilled enough and quick enough, you could be "flying the friendly skies" soon.


Also see:

http://www.united.com/web/en-US/content/Contact/bugbounty.aspx

https://www.washingtonpost.com/blogs/the-switch/wp/2015/07/16/why-united-airlines-is-rewarding-hackers-with-millions-of-free-miles/

http://www.bbc.com/news/technology-33552195

http://www.csmonitor.com/Business/2015/0717/United-Airlines-awards-bug-bounty-Is-it-getting-cybersecurity-savvy

http://consumerist.com/2015/07/14/first-united-airlines-bug-bounty-payout-is-one-million-miles/

http://www.thehoopsnews.com/2015/07/19/6896/united-airlines-hackers-given-million-free-flight-miles-under-bug-bounty-program/

http://triblive.com/usworld/nation/8766543-74/united-wiens-million

---

This article originally appeared in my blog: All Things Quality

	My name is Joe Strazzere and I'm an experienced Quality Assurance professional. I like to lead, to test, and occasionally to write about leading and testing. Find me at http://AllThingsQuality.com/.