After launching HackerOne in 2016 to find vulnerabilities, GM is taking its friendly hacker program to the next level. The automaker announced last Friday that it will officially launch its “bug bounty” program with a team of 10 researchers, Automotive News reported.
The initiative will hand off the programs, products and systems to the researchers that are eligible for bounties, and GM will let them get to work. GM President Dan Ammann joked, “We’ll put them in a comfortable environment—ply them with pizza and Red Bull or whatever they might need—and we’ll turn them loose.”
The 10 individuals were chosen from more than 500 researchers who participated in GM’s vulnerabilities program. The bug bounty initiative takes things a step further after 700 vulnerabilities were found since HackerOne began in 2016.
“The overall focus, threat level and so on is only going to grow from here, which is why we’re putting so much energy and resources into getting ahead, and staying ahead, and iterating rapidly,” Ammann added.
Researchers will receive “large sums of money” for finding bugs, but GM did not specify how much it plans to pay an individual for discovering a bug. The program is expected to begin in late summer.
Comments
I think they’ve been doing that (unofficially) for a few years …
‘White hat’ hackers were able to worm into OnStar (white hats are the good guys) … and they disabled a moving Jeep on the road in St Louis.
Anyway, good to make it an official initiative …
‘Roles out’…? Does anyone proof-read?
So it is quite possible then, in theory, for a ‘black hat’ hacker to discover a vulnerability and ‘sell’ that info to one of the ‘white hat’ hackers in this program for a fee? Nice one.
Or just sell it to the highest bidding Bond Villain on the Dark Web. 🙂