United Airlines Bug Bounty Program - Up to 1,000,000 points
#1
Original Poster
Join Date: Jun 2014
Posts: 290
United Airlines Bug Bounty Program - Up to 1,000,000 points
http://www.united.com/web/en-US/cont...ugbounty.aspx?
Pretty interesting. I'm sure there are plenty of bugs to be found
Pretty interesting. I'm sure there are plenty of bugs to be found
#2
Join Date: Mar 2015
Location: NYC (Primarily EWR)
Programs: UA 1K / *G, Marriott Bonvoy Gold; Avis PC
Posts: 9,005
http://www.united.com/web/en-US/cont...ugbounty.aspx?
Pretty interesting. I'm sure there are plenty of bugs to be found
Pretty interesting. I'm sure there are plenty of bugs to be found
#5
Moderator: Luxury Hotels and FlyerTalk Evangelist
Join Date: Sep 2002
Location: Palo Alto, California,USA
Posts: 17,856
I'm not so sure it's a great idea given the award is in miles. I'm not a lawyer or accountant, but I am willing to bet that for US citizens or residents, the IRS would view this as earned income. That means that your bounty would be in miles -- but you'd have to pay taxes on that bounty, including social security and medicare, in cash.
Not very inviting!
Not very inviting!
#6
FlyerTalk Evangelist
Join Date: May 2007
Location: Houston
Programs: UA Plat, Marriott Gold
Posts: 12,693
A good idea, since their website has access to so much.
Program doesn't include the display of incorrect information... there goes so many bugs.
Program doesn't include the display of incorrect information... there goes so many bugs.
Last edited by mduell; May 14, 2015 at 6:43 pm
#7
Join Date: Jun 2007
Location: YVR SFO
Programs: UA G
Posts: 4,866
Huge props to UA for setting this up (though it's a shame they didn't use HackerOne to manage it). In the past, reporting vulnerabilities involved "knowing a guy" to email and hope that your malicious URL didn't get nabbed by the spam filter.
^
^
#9
Join Date: Dec 2004
Programs: UA-1K, MM, Hilton-Diamond, Marriott-Titanium
Posts: 4,432
http://www.united.com/web/en-US/cont...ugbounty.aspx?
Pretty interesting. I'm sure there are plenty of bugs to be found
Pretty interesting. I'm sure there are plenty of bugs to be found
#10
Join Date: Jun 2007
Location: gggrrrovvveee (ORD)
Programs: UA Pt, Marriott Ti, Hertz PC
Posts: 6,091
#11
Join Date: Sep 2010
Location: San Francisco Bay Area
Posts: 5,825
I hereby propose that we rename this program, giving credit to the flyertalker who assiduously complains their way through seemingly every interaction they make with United's clunky, old, and error ridden systems...
From this point forward, we will refer to this United program as:
From this point forward, we will refer to this United program as:
"The Channa Challenge"
#12
Original Poster
Join Date: Jun 2014
Posts: 290
I'm in the Bay Area and work in tech. Not a hacker myself, but was sent a link to this earlier today.
This isn't exactly a program the masses need to know about, so not something they'd casually blast to their entire customer base. It's designed for hackers/white hats....many of whom I've heard argue that this is far too low in terms of compensation for the work of a skilled security consultant!
This isn't exactly a program the masses need to know about, so not something they'd casually blast to their entire customer base. It's designed for hackers/white hats....many of whom I've heard argue that this is far too low in terms of compensation for the work of a skilled security consultant!
#13
Join Date: Sep 2008
Posts: 812
I'm in the Bay Area and work in tech. Not a hacker myself, but was sent a link to this earlier today.
This isn't exactly a program the masses need to know about, so not something they'd casually blast to their entire customer base. It's designed for hackers/white hats....many of whom I've heard argue that this is far too low in terms of compensation for the work of a skilled security consultant!
This isn't exactly a program the masses need to know about, so not something they'd casually blast to their entire customer base. It's designed for hackers/white hats....many of whom I've heard argue that this is far too low in terms of compensation for the work of a skilled security consultant!