Uber Clarifies its Bug Bounty Policy

Updated parameters should help avoid future extortion incidents.

Uber this week outlined more specific guidelines for its bug bounty program in the wake of its 2016 data breach that demonstrated gaping holes in its vulnerability disclosure.

The ride-sharing company last fall revealed that it had paid two hackers $100,000 to destroy driver and rider data they had stolen from a cloud storage location, and that it had failed to disclose the breach for a year. Since then, the company has been working on retooling its bug bounty program to encourage proper disclosure.

The new policy states, in part: “Don’t extort us. You should never illegally or in bad faith leverage the existence of a vulnerability or access to sensitive or confidential information, such as making extortionate demands or ransom requests or trying to shake us down. In other words, if you find a vulnerability, report it to us with no conditions attached.”

Read more here.



Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.
