Fiat Chrysler Automobiles needs help finding bugs in their vehicles, and they’re willing to pay for your expertise.
The automaker on Wednesday launched a bug country program on the Bugcrowd platform offering hard cash for information about security vulnerabilities in its vehicles and connected services. Fiat Chrysler is willing to pay between $ 150 and $ 1,500 per bug, depending on its impact and severity.
The company said its goal with the new program is to “foster a collaborative relationship with researchers” and encourage the practice of responsible disclosure.
“There are a lot of people who like to tinker with their vehicles or tinker with computer systems”, Titus Melnyk, senior director of security architecture for Fiat Chrysler, said in a statement. “We want to encourage independent security researchers to contact us and share what they have found so that we can fix potential vulnerabilities before they become a problem for our consumers.”
The program comes after security researchers Charlie Miller and Chris Valasek last year exploited a flaw in Fiat Chrysler’s Uconnect system to remotely hack into a jeep, taking Wired writer Andy Greenberg on a thrilling adventure.
The move prompted Fiat Chrysler to recall 1.4 million American vehicles, and the automaker was, understandably, less than happy with the way the researchers disclosed the problem.
“Exposing or publicizing vulnerabilities for the sole purpose of making headlines or promoting themselves does little to protect the consumer,” Melnyk said this week. “Rather, we want to reward security researchers for their time and effort, which ultimately benefits us all.”
Recommended by our editors
Fiat Chrysler specifically looks for bugs in its connected vehicles, including the systems they contain and the external services and applications that interact with them. This includes the company’s Uconnect apps for iOS and Android.
The company has vowed to “investigate the legitimate reports and do everything possible to correct any valid vulnerabilities as quickly as possible.” White hat hackers can visit Fiat Chrysler’s Bugcrowd page for more details on the new program.
Do you like what you read ?
Register for Security watch newsletter for our best privacy and security stories delivered straight to your inbox.