One of the United States' biggest airlines, United Airlines, has rewarded two hackers who spotted major security holes in its website. The airline has given the two hackers one million free flight miles each.
The airline operates a "bug bounty" scheme that rewards hackers for privately disclosing security flaws instead of sharing them on the internet. It awarded these two hackers the maximum reward of one million free flight miles, which is equal to over a dozen trips.
Security experts say that this scheme is a big step towards better online security. This program of rewarding hackers for disclosing problems in the correct way makes the internet safer for everyone.
BUG BOUNTIES ARE VERY COMMON TO TECH COMPANIES
Programs like these are very common in technology companies as they learn more about internet security. Industries other than tech companies are also learning the importance of bug bounty programs.
The idea of a responsible disclosure that reports issues and gives companies time to correct them isn’t really new. Major companies such as Google, Facebook and Yahoo have been offering cash incentives to hackers that report bugs for quite some time.
THE HACKERS CANNOT DISCLOSE THE BUG THEY FOUND
In return for their free flight miles, the hackers are required to not disclose the nature of the security holes that they found. United Airlines made a statement saying that they believe the program will help boost security and allow them to continue to provide quality services.
MUCH CRITICISM TOWARDS BUG BOUNTIES
Many critics of bug bounties believe that they discourage companies from hiring actual professional security staff, because it is much cheaper to offer cash and incentives to hackers. Officials at United Airlines said that it isn’t always about the hackers looking for an issue, but they can come at any time. They also said that the bug bounties are part of the efforts toward an overall approach to security. Supporters of bug bounties say that they also benefit smaller companies that cannot afford to give out cash but can offer free services and products. Supporters also say that this encourages positive behavior and shows young hackers that they can benefit from doing what’s right.