Jordan Wiens, owner of security firm Vector 35, says he was the one who reported United's web-security breaches to the company, pointing out weaknesses that could allow hackers to seize the company’s website. The carrier, however, hasn’t confirmed this information.
Wow! @united really paid out! Got a million miles for my bug bounty submissions! Very cool. pic.twitter.com/CEclmhmyUq
— Jordan Wiens (@psifertex) 10 июля 2015
United Continental Holdings Inc. runs a "bug bounty” program that rewards Internet users who report security holes straight to the company rather than sharing the “flops” online. This arrangement costs the airline less than hiring high-profile consultants. Some experts are calling the program a “big step forward for online security.”
"Schemes like this reward hackers for finding and disclosing problems in the right way. That makes the internet safer for all of us," security consultant Dr. Jessica Barker told BBC News.
Giants in the IT industry such as Yahoo, Google and Facebook are well known for using similar “bug bounty” programs. They also forbid hackers from revealing what kind of problems the company had after they’re rewarded.
#Google announces new bug bounty program for #Android http://t.co/Rj3JTb7ZYg pic.twitter.com/pi3TGVaNsi
— SD Times (@sdtimes) 29 июня 2015
AVG begins bug bounty program http://t.co/YgIgnl5wnz pic.twitter.com/O7rJ7EGEMq
— AVGFree (@AVGFree) 3 июля 2015
"Bug bounties are common in tech companies as they tend to understand online security a bit more, but other industries are catching up," Barker said.
United announced the launch of the program in May. At least two cybersecurity disasters have befallen the carrier, including an incident in which operators were locked out of its reservations system, hampering the ability of travelers to check in for flights, and another in which the functionality of the software United uses to dispatch its flight plan was zapped.
