Uber Begins Asking "White Hats" To Find Vulnerabilities


The practice of finding vulnerabilities and exploits in the high-dollar, highly engineered software used by big companies has long been an act that you performed only if you were sure you could stay anonymous while reporting, or you planned to use your findings for less-than-savory pursuits. Lately, however, a movement toward the acceptance of hacking into systems and reporting your findings, or "white hat hacking", has been picking up steam in the corporate world. Some of the bigger names out there, even Google themselves, are rewarding independent security researchers for finding holes in their own software and reporting the exploits to them to be patched. Uber is the latest company to jump on the bandwagon; however, they've upped the ante by providing would-be white hats not only the promise of a reward, but also a detailed road map for reference on their exploit-hunting journeys.

Uber is offering researchers a "treasure map" that shows the intricate details of how their backend data system works, as well as a sort of field guide that details the kind of information to look out for and the kind of flaws that have a decent chance of being found. The inner workings of a company's proprietary software being laid bare in such a manner is something not often seen in the tech space, at least outside of the open-source world. Uber's assistance to aspiring hackers shows a fair bit of confidence in the security of their systems, as well as a willingness to work closely with any exploit finders.


This move may well set a precedent for other companies to follow, mirroring the open-source mentality of letting the very crowd capable of compromising a product help to secure the product. The move toward this mentality, if it happens, will likely be very slow and gradual, especially with the current nationwide emphasis on security in the United States and the debates that it's spawned. Various startups, such as HackerOne and Bugcrowd, tend to act as a go-between for researchers and companies. They also normally score contracts that give them access to pre-release software. Slowly but surely, outfits like these are helping to usher in the age of crowdsourced security research.


Copyright ©2016 Android Headlines. All Rights Reserved.

Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, and AI technology development news in the Android world. Contact him at [email protected]
