Uber, the on-demand ridesharing company is celebrating 1st Anniversary of its Bug Bounty Programme. The bug bounty program works with security researchers all over the world to fix bugs, even when they don’t directly impact our users. We appreciate the ongoing contributions of the 6 researchers in India and were happy to reward them for their excellent report.
In last one year, During the past 12 months, Uber has paid more than $860,000 USD to researchers all over the world for helping us improve the security of our products and services! More than 500 security researchers around the world participated in our bug bounty program. The following 26 countries will be recognized for being home to at least one of our top 50 researchers (in alphabetical order): Australia, Bangladesh, Belarus, Belgium, Brazil, Bulgaria, Canada, China, Egypt, Finland, France, India, Israel, the Netherlands, Nigeria, Pakistan, Poland, Portugal, Russia, Sweden, Taiwan, Turkey, Ukraine, the United Kingdom, the United States, and Vietnam.
In this Bug Bounty, 6 researchers from India have made it in the top 50 list for the year, here are their details
- @parth
- @apara
- @anand_prakash
- @w0rmcilli
- @deepankerchawla
- @vijay_kumar1110
Metrics and Milestones
Here are some key updates on where the program currently stands:
- Uber has paid researchers more than $860,000 USD since public launch in 2016.
- During the past year, security researchers helped uber identify and fix more than 500 bugs across Uber’s portfolio of products and services.
- Our Signal to Noise Ratio (SNR) improved by 30% since August 2016. Uber’s SNR is now 1:5.
Remarkable Bugs
- Privilege escalation in uSSH
- SQLi in vendor product
- Ride for free on Uber
Follow us on twitter for more news and updates.