Congratulations to the 2 winners of 1 million air miles for finding vulnerabilities in United Airlines software, websites, and systems. I fly a lot and appreciate all efforts to make commercial travel safer.
Bug bounty programs are becoming very popular among technology firms. Apple, Google, Microsoft, and Facebook, all leverage the talent of independent security researchers to augment their own quality assurance staff. Normally, bounties are paid out in thousands of dollars as rewards. Rarely, they can even reach a million dollars for unknown severe vulnerabilities.
United Airlines is different. There is a certain brilliance in their bug-bounty reward structure. Instead of dollars, the payouts are in air-miles. Basically the researchers are getting free travel on the very airline they made more secure. Smart!
Reminds me of when the US Army made parachute packers regularly make jumps with random samples of their own work. Suddenly the quality of packed parachutes went up and fatalities in the field went down.
Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.