Detroit – General Motors Co. offers a bounty on bugs in its vehicle software.
Detroit-based automaker plans to bring in a small group of “white hat” hackers this summer to search for security vulnerabilities in the company’s software and vehicles, President Dan Ammann said in a speech on Friday. keynote at the Billington Automotive CyberSecurity Summit.
GM plans to offer cash payment for each “bug” found in this new Bug Bounty program.
âWe will show them the products, programs and systems for which we plan to establish these Bug Bounties,â said Ammann. âThen we’ll put them in a comfortable environment – use them with pizza and Red Bull or whatever they might need – and let them go. “
The small group of researchers – probably less than 10 people – will all know about GM’s software before the event.
The Detroit automaker only plans to use “white hat researchers with whom we have established relationships through our disclosure program,” said Jeffrey Massimilla, GM vice president of global cybersecurity.
In its efforts to address the challenges of automotive cybersecurity, GM has already established what it calls the Security Vulnerability Disclosure Program. More than 500 researchers have participated in the program to identify and resolve more than 700 vulnerabilities, Ammann said.
The collaborative disclosure program also includes communications with the National Highway Traffic Safety Administration, the Federal Trade Commission, and other government agencies.
Cyber ââsecurity is a significant security issue as we approach a future where driverless cars roam the roads, but in the short term it’s also a key part of progress.
âA cyber incident could completely hamper the deployment of an (autonomous vehicle), or at least delay it for a long time,â Ammann said. “The public and policy makers would view a major cybersecurity incident involving one of us as an incident involving all of us.”
Perhaps the most famous incident of an automotive cybersecurity breach was the remote takeover of a Jeep Cherokee by two hackers in 2015. GM Cruise, the automaker’s autonomous driving unit, then hired these pirates.
âThe overall threat level will only increase from here, which is why we are devoting so much energy and resources to moving forward and staying ahead,â Ammann told reporters after his speech. He said GM was looking to bring together “the best and most talented team possible to work on this topic. Not just within the company, but also by taking advantage of third-party researchers, taking advantage of third-party expertise. from several different places “.