Slashdot Mirror


Tesla Rewards Hackers With Bug Bounty

An anonymous reader writes: Tesla Motors is offering up to $1,000 to anyone who uncovers security issues on its website. Forbes reports that the program is not yet available for its vehicles, however. Using a security crowdsourcing company called Bugcrowd, researchers have found 22 bugs for Tesla so far. A statement on the Tesla Bugcrowd page reads in part: "We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible reporting process."

9 of 33 comments

  1. up to $1K by turkeydance · Score: 5, Insightful

    or down to nothing.

    1. Re:up to $1K by schlachter · Score: 3, Insightful

      yeah, will never happen with their cars. way too much risk.

      never understood why companies don't pay out big $$ for these bugs. has to be worth way more than $1K to them.

      --
      My God can beat up your God. Just kidding...don't take offense. I know there's no God.
    2. Re:up to $1K by schlachter · Score: 2

      you're missing the market. first off, people will not make an effort to find the bugs unless the price is right. plenty of high quality people won't try for $1K, leaving bugs undiscovered, at least by white hats. second, if there isn't decent compensation for finding the bugs, some people will sell them on the black market, where they could go for much much more.

      --
      My God can beat up your God. Just kidding...don't take offense. I know there's no God.
  2. Riiiiiiiight. by mongothesecond · Score: 3, Insightful

    They want to pay "hackers" less than pen testers, with ambiguous escrow or payout deadlines, and trust that all vulnerabilities found are reported, or reported well. What could possibly go wrong.

    1. Re:Riiiiiiiight. by drinkypoo · Score: 2

      > They want to pay "hackers" less than pen testers, with ambiguous escrow or payout deadlines, and trust that all vulnerabilities found are reported, or reported well. What could possibly go wrong.

      From where I'm sitting, it looks pretty good; people will try to hack them anyway, if people report vulns they can reward them with whatever amount they like, it's cheap to do.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  3. Tesla insults hackers with bug bounty by Anonymous Coward · Score: 2, Insightful

    $1000 for applying highly specialized skills? UP TO?

  4. Only a thousand bucks??? by Eloking · Score: 2

    Granted, it's a lot better than many others that prefer to sue your ass over discovering a security flaw, but compared to some other bounty rewards, isn't "up to" 1K$ a little low?

    --
    Elok
  5. View source by lucm · Score: 2

    Out of curiosity I went to their website and did a view-source. Apparently they use Drupal. So I'm going to add them to my "Uses drupal" bookmark folder for that time when the next Drupal security exploit comes out...

    Also for some reason they use jQuery 1.8. Isn't that version vulnerable to a known XSS exploit?

    --
    lucm, indeed.
  6. Get out your checkbook, Elon ... by PPH · Score: 3, Funny

    ... my windshield is covered with bugs.

    --
    Have gnu, will travel.