Friday 5 June 2015

Tesla Will Pay You Up To $1000 To Break Their Website — But Don’t Try It On The Cars


If there is one truism we can count on in the digital era, it is that everything has bugs. No matter how carefully designed or nominally secure something is, someone, somewhere, can find a vulnerability in it.

Thus the development of the “bug bounty.” If you can’t beat ’em, join ’em: go ahead and encourage people to find flaws in your software, and then give them lots of money when they turn those flaws over to you. It’s a simple way to tackle a whole bunch of problems at once: with crowdsourced QA, you get more eyes looking. And with a bounty attached, you make it easy, lucrative, and desirable for the hackers who find them to be helpful white-hat types who clue you in instead of selling or abusing the information.

Electric automaker Tesla is now the newest tech company to offer a bug bounty program to its users, Forbes reports. The car (and energy) company is using an online platform called Bugcrowd to offer users between $25 and $1000 for every vulnerability they find.

Like United, however, Tesla is only asking bug hunters to look for vulnerabilities in their website — not in their vehicles. Anyone who does find a vulnerability in the car’s software is requested to contact Tesla directly, instead of using the crowdsourced platform.

As Forbes suggests, tampering with a website is one thing — but tampering with a car is another. Accidentally crashing a website doesn’t kill people. Messing with the systems under the hood of the hardware, so to speak, could be much more risky. And if someone does muck around with their car software at Tesla’s urging, and someone is hurt or killed as a result, Tesla could find itself in hot legal water.

Tesla Offers To Pay Hackers $1,000 To Find Its Web Weaknesses, But What About Its Cars? [Forbes]


by Kate Cox via Consumerist

No comments:

Post a Comment