Uber Security
Mar 27 · 2 min read

Lindsey Glovin, Senior Security Analyst, Product Security

Hello Hackers!

Since our program launched nearly three years ago, we’ve seen a ton of unique exploits and impressive hacks. Some of our favorites can be found here and here.

Today, we’re announcing new bonuses for reports submitted during the months of April and May 2019. Specifically, for all high or critical severity reports, we’ll award a $1000 bonus for each separate bug used in a chain of vulnerabilities.

Here’s how it works:

  • Each bug MUST be required in the chain to qualify for the bonus
  • Extra bugs included in the report that are not required to exploit the vulnerability do not count toward bonus.
  • If the overall vulnerability does not meet High or Critical severity, it will receive a normal bounty [does not qualify for this promotion].

To top it off, we’ve got some extra bonuses for reports you submit in April and May:

  • Report with the longest chain: + $5000
  • Most impactful report: + $5000
  • Most unique exploit: + $2500

All bounties will be paid normally in April and May regardless of whether or not they qualify for this promotion. We will award bonuses for all qualifying reports and determine extra bonus winners by June 14th.

We can’t wait to see what you come up with. Happy Hacking!

Uber Security + Privacy

Insights and updates from Uber’s security and privacy teams

Uber Security

Written by

Uber Security + Privacy

Insights and updates from Uber’s security and privacy teams

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade