July 20, 2015

Like To Find Bugs? Like To Travel? Here's How You Can Do Both!



If you are good at hunting down bugs, you could earn travel miles from United Airlines. In fact, if you are the first to find a particular remote code execution bug, you could earn 1,000,000 miles!

The program was implemented in May, and so far two testers have each found 1,000,000-mile bugs.

Jordan Wiens, a software security researcher in Florida, was one. The bug he found would have allowed an attacker to execute code remotely on one of United’s systems. In addition to the remote code execution bug, Jordan found another that earned him 250,000 additional travel miles. Should he choose to do so, he can now travel from the United States to Europe about forty-one times, courtesy of United and his bug-hunting skills.

United won't reward you for finding bugs in their onboard Wi-Fi, entertainment systems or avionics. But they do offer miles to testers who find a variety of bugs on United-operated, customer-facing websites such as united.com, beta.united.com, mobile.united.com, mystatus.united.com and smartphone.continental.com, as well as bugs in the United app and other United properties.

The severity of the bug determines the reward:

Bug Bounty payout structure (severity, examples, maximum payout in award miles):

High: maximum payout 1,000,000 award miles
  • Remote code execution

Medium: maximum payout 250,000 award miles
  • Authentication bypass
  • Brute-force attacks
  • Potential for personally identifiable information (PII) disclosure
  • Timing attacks

Low: maximum payout 50,000 award miles
  • Cross-site scripting
  • Cross-site request forgery
  • Third-party security bugs that affect United

So if you like to travel, read and follow the United Airlines Bug Bounty instructions, roll up your sleeves, and find some bugs. If you are skilled enough and quick enough, you could be "flying the friendly skies" soon.



This article originally appeared in my blog: All Things Quality
My name is Joe Strazzere and I'm an experienced Quality Assurance professional.
I like to lead, to test, and occasionally to write about leading and testing.
Find me at http://AllThingsQuality.com/.
