United Airlines has become the first airline to start a bug bounty program, offering air miles for for remote code execution bugs, authentication bypasses, timing attacks, etc.
Only members of its MileagePlus program can apply, so bug hunters who aren’t will have to become members before sending in their submission.
The bug bounty program encourages researchers to find vulnerabilities in the company’s customer-facing websites, its app, and third-party programs loaded by united.com or its other online properties.
Bugs that only affect legacy or unsupported browsers, plugins or operating systems will not be taken into consideration for rewards, and so will not bugs on the company’s internal sites, partner sites, or bugs on onboard Wi-Fi, entertainment systems or avionics.
Source: United Airlines offers air miles for vulnerability information