A teenage hacker from the Netherlands has received a million airline miles for finding 20 bugs in the travel business' code base. Unfortunately for him it's United Airlines that's paying out.
Olivier Beg, a 19-year-old security researcher based in Amsterdam, flew into last week's Black Hat and DEF CON security conferences in Las Vegas mostly free thanks to the award, he told the Dutch Broadcast Foundation.
"There are a lot of hackers found vulnerabilities at United," said Beg. "For the most serious I got 250,000 miles."
His flights cost him 60,000 air miles and €5 in airport tax. He didn't say if he drinks booze on aircraft, but United charges for hard liquor on transatlantic flights and – quite frankly – most of us need a drink while putting up with 30 inches of legroom on a long flight and food that tastes not only pre-made but also pre-eaten.
United launched its bug bounty program in May last year, and was mocked in some quarters for refusing to hand out money. Instead, the airline promised travel miles, which – considering United's somewhat lackluster reputation and the fact that they aren't transferable for cash and researchers need to pay rent – made the scheme somewhat unattractive.
Not so, said Beg, who said that he wasn't the only one flying into Las Vegas for free last week courtesy of the scheme. The company has paid out millions in air miles already – but has also come under criticism for failing to respond to bug reports quickly.
Getting free trips is all well and good, but almost every security researcher we spoke to last week gave us the same message – show me the money if you want your bugs reported. ®