General Motors turns key on bug bounty program

With a zillion suppliers under the hood of most cars, this could get interesting

6 Reg comments Got Tips?

General Motors (GM) has opened a bug bounty program to allow hackers to report vulnerabilities in its vehicles.

Vulnerability reporting guidelines are stringent; GM agrees not to "pursue claims" against researchers if bug hunters do not harm or violate the privacy of GM or its customers, drop a zero day, or breach criminal law.

The bounty launched late last week will be a complex beast for GM given the number of vendors supplying software components to vehicles.

Overseeing the program is GM cyber-security boss Jeffrey Massimilla appointed in 2014.

Together the appointment and bug bounty bring the automotive giant more in-line with recommendations of the I am the Cavalry hacker group which has pushed for improved security controls in the automotive and health sectors.

The amount of money GM is offering is not known. Vulture South has made inquiries of the motor-maker and will update this story if it puts its money where its mouth is. ®


Biting the hand that feeds IT © 1998–2020