General Motors start bounty hunting

Next story

Image

Makers of fine quality automobiles General Motors have launched a bug bounty program.


Having a bug bounty is a no brainer: paying talented pen testers, programmers and white hat hackers to report, rather than exploit, any holes they are able to find in your software, hardware, or whatever.

General Motors are the newest in a long list of companies to adopt the practice in the past year or so.

What’s interesting is that an automotive company, who is no doubt increasingly moving into ‘smart’ controls for their cars, has actually done this proactively rather than as a response to a breach or hack.


Bug bounties a necessity


Mark James, ESET IT security specialist, explains the value of bug bounties and the risks inherent in smart technology being incorporated with vehicles.

“As we embrace technology everywhere we also need to understand the risks involved: If you’re going to incorporate intelligent systems into your vehicles then you have to make sure they are as safe as possible.

“Especially if there is any integration whatsoever into the running of that vehicle.

“Bug bounties enable very intelligent and resourceful individuals to “rent” their expertise to you on a “per job” basis, finding issues and errors you probably never even knew existed let alone thought about.

“As long as the rules and guidelines are clearly laid down for all to see and adhere to then it can only make the industry safer for all of us.

“We have seen many instances where vehicles have been taken over or forced to do something unintended due to insecure software.”


Have you participated in a bug bounty program?


Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.