The flight provider operates a "bug
bounty" scheme that rewards hackers for
privately disclosing security flaws rather
than sharing them online.
It has given the maximum reward of a
million flight miles, worth dozens of trips,
to two people.
One security expert said the scheme was a
big step forward for online security.
"Schemes like this reward hackers for
finding and disclosing problems in the
right way. That makes the internet safer
for all of us," said security consultant Dr
Jessica Barker.
"Bug bounties are common in tech
companies as they tend to understand
online security a bit more, but other
industries are catching up," said Dr
Barker.
Cash incentives
The idea of responsible disclosure,
reporting issues and giving companies
time to fix them, is not new.
Big technology companies such as Yahoo,
Google and Facebook offer hackers cash
incentives to report bugs privately.
In return for receiving their flight
rewards, hackers are forbidden from
revealing the nature of the security holes
they discovered.
"We believe that this program will further
bolster our security and allow us to
continue to provide excellent service,"
United said on its website.
The company declined to comment
further.
"It's not always about hackers digging
around looking for flaws. A hacker may be
using a service and notice something a bit
off," said Dr Barker.
"We all benefit if they look into that," she
added.
Some critics of bug bounties say they can
discourage companies from hiring
professional security staff, because it's
cheaper to offer hackers cash for
disclosing bugs.
Dr Barker disagrees: "It should be part of
an overall approach to security, but it's
definitely a good approach.
"It encourages positive behaviour and
shows young hackers that they can benefit
from doing the right thing.
"Bounties can also benefit smaller
companies who can't afford to give out
cash rewards but can offer free products
or services, so I hope we'll see more and
more bug bounties," she said.