Lindsey Glovin, Security Analyst, Product Security
It’s the end of another successful year for bug bounty programs! We’d like to thank all of the security researchers who contributed to Uber’s program in 2018 and share a few details with you about how things are going.
Key stats from the past 12 months:
- $340,498 paid for valid reports (program total: $1.6M+)
- 285 bugs resolved (program total: 1000+)
- 114 researchers rewarded (program total: 600+)
Researchers also had the opportunity to explore new vulnerabilities as Uber’s business continues to expand and diversify. For example, some of the most impactful vulnerabilities reported this year came from HackerOne’s H1-702 event in Las Vegas during DEF CON, the first time we opened up the JUMP platform to our bug bounty program. Our team triaged 62 valid reports and rewarded researchers with more than $104,000 in a single night!
A special thank you to the top winners of the evening: smsecurity, appsecure_in, notnaffy, cablej, rhynorater, avlidienbrunn, anshuman_bh, corb3nik, hogarth45, jackds, and cache_money!
Building on the success of that event, we are thrilled to announce that JUMP is now in scope for Uber’s bug bounty program! If you’re already participating in Uber’s program, all you need to do is create a JUMP account.
Thanks again for a wonderful year of bug bounty! We have some exciting changes coming to our program in 2019, so keep an eye on our scope page.