Sunday , 19 November 2017
Home >> C >> Communications >> Uber indicted of changing range of bug bounties to equivocate payouts

Uber indicted of changing range of bug bounties to equivocate payouts

Uber not profitable for bounties it pronounced it would, explain reliable hackers

BLACK CAB NEMESIS Uber has combined a new garland of enemies after hackers indicted a organisation of relocating a idea posts on a recently launched bug annuity programme to equivocate profitable for discoveries.

Uber launched a bug annuity programme progressing this week, earnest payouts as high as $10,000 for vicious vulnerabilities.

However, in a few days given launch a association has apparently started changing the scope of how it rates bugs, clearly to equivocate profitable out.

Top rated HackerOne village hacker Sean Melia tweeted that he had seen this occur after submitting a bug:

Some questioned either Melia had found bugs that unequivocally fitting a reward, though he, rather understandably, forked out that if what he found was deliberate within a range of a bug annuity programme during a time of acquiescence a payout should be forthcoming.

Another hacker with a monkier ‘theethicalhacker’ took to Reddit to report a identical case.

“I reported a xss bug and this is a review screenshot Imgur. They eventually sealed my bug and reopened it STATING it was a new current bug, afterwards sealed it again. They certified it was a bug and swindled me out of a payout,” they wrote.

“A billion dollar association refuses to compensate for current bugs. We are seeking for satisfactory diagnosis for a confidence work we do and nobody is holding Uber’s feet to a fire.”

In response Uber pronounced that while it thanked a investigate for a commentary they were low astringency and did not impact a altogether security.

“This researcher found, as he pronounced himself, a collection of low astringency issues. Our bug annuity module financially rewards submissions that have a confidence impact to a system. But we always acquire researchers pity any commentary and we appreciate him for his work.”

Whoever cruise themselves in a right, a incidents will join a flourishing list of gripes white shawl hackers have with bug annuity programmes, such as low payouts, refusal to acknowledge discoveries and regulating bugs but arising rewards. µ



Share this:

close
==[ Click Here 1X ] [ Close ]==