MELBOURNE, Fla. — Want to fly around the world for free? Just outsmart the airline.
United Airlines recently awarded one million free frequent flyer miles to two hackers who detected and alerted the company to bugs in its software. That’s equivalent to flying from the U.S. to Europe 33 times.
Now Jordan Wiens, a Florida software vulnerability researcher, can fulfill his dream of flying around the world. Business class.
“That’d be a once in a lifetime opportunity,” he said in an interview with the Washington Post.
— Jordan Wiens (@psifertex) July 10, 2015
The airline’s “bug bounty” program, which offers rewards to hackers who alert the company to defects in its system, is becoming common practice as risks of cyber breaches grow, security experts told the Post. Such contests were initially popular among tech companies like Facebook, Twitter and Dropbox, but now similar programs have been popping up outside the tech field.
United began its program just weeks before the airline’s entire fleet was grounded due to software glitches.
Wiens didn’t intend to enter the contest, but began tinkering with the airline’s software after a friend who entered the program asked for a little advice. After a few hours, Wiens realized he was on to something.
He ended up finding two bugs, one worth one million miles and the other worth 250,000 miles. Contest rules prohibit him from giving specific details on his discoveries, Wiens said.
Finding these bugs, however, doesn’t necessarily mean the company has weak security. In fact, Wiens says, running a program like this attests to the airline’s diligence and progressive view on crowd-sourcing cybersecurity.
“I don’t think United has a bad security posture,” he said. “I think having a bug bounty program speaks to the maturity of their online presence. I hope more companies get in on it.”