Tesla Rewards Hackers With Bug Bounty

An anonymous reader writes: Tesla Motors is offering up to $1,000 to anyone who uncovers security issues on its website. Forbes reports that the program is not yet available for its vehicles however. Using a security crowdsourcing company called Bugcrowd, researchers have found 22 bugs for Tesla so far. A statement on the Tesla Bugcrowd page reads in part: "We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible reporting process."

Bug bounties in general

[WorldWarPi]

I know Knuth traditionally offers bounties on errors found in Art of Computer Programming and that recently I've heard of several high-profile companies such as Google and Microsoft offer them, but it seems to me that to enter the same game as the cybercriminals and extortionists is one that cannot be won. And it is not only the money: ronin bug finders are not going to be systematic or even able to pore over code and finding errant implementations as the original architects, project leaders and coders. And even the best black box testing has some logic routes way over-tested, while other code is not touched at all. Probably the overall effectiveness goes as the logarithm of the crowd source. Offering bounties is an admission that the coding & testing design is deficient.