Tesla is ready to reward people, but not the ones buying their vehicles. This time they will reward those who can find weaknesses on their website on the Bugcrowd platform. Offers range from $25 to $1000 for each find, nothing has been announced for its vehicles yet.
The biggest offer, which is $1000, is not even near some of the rewards that Google and Facebook have offered in the past, but the car company is not as big on the web as the other two, they focus on making vehicles.
The electric car maker has been congratulated by the security community for working with hackers. The process won’t be difficult and the company has a site to report these finds. “We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible reporting process,” the blurb on Bugcrowd read.
Site and Email
Those who find vulnerabilities can only report on the official website, tesla.com, and must give the car maker “a reasonable time to correct the issue before making any information public”. The company has also released a list on the problems that can’t be reported as well as the smaller ones that can be.
The site will be used for those who find weaknesses in the page and not the cars. If you find a problem in a Tesla vehicle you have to email them at firstname.lastname@example.org. The company has not said if they will reward the people who find issues or bugs in its cars or other products.
In the past, the car maker has been notified of issues in their cars but have not named or given credit to the person or group. There is only one that is known of, and that is Qihoo 360, who was given $10,000 for winning a non-official competition to hack one of their vehicles.
What About a Reward For Vehicles?
A reward for those who find bugs or any problems in their vehicles would be a nice move for the company and car industry. Maybe this would change the way big companies see the subject and make their vehicles and products a lot safer. Some of the big companies have kept their issues quiet, even though experts have been exposing them for years. Tesla seems to be doing things differently. Most manufactures actually go against people who experiment with their cars.
Ted Harrington, executive partner at Independent Security Evaluators, believes manufacturers should explore other options to save lives. “When it comes to security research, the stakes are the highest when human lives are involved. Securing the connected car is about more than just protecting data; it is about protecting lives. In that vein, auto manufacturers should be going to extreme lengths to harden their systems against the most sophisticated adversaries.
“In order to fully understand and mitigate risk, a system must go through ongoing, thorough, manual white box security assessment. With lives at stake, auto manufacturers in the era of the connected car should consider robust security assessment a business-critical mandate.”
Even though this is not confirmed, sources say Tesla is planning to hold a hacker conference in August for its vehicles and components. The company has denied those claims, but it wouldn’t be a bad idea.