Uber invites hackers to test its systems

Uber’s move shows how mainstream companies are increasingly relying on independent computer researchers to help them bolster their systems. It also indicates growing acceptance of the idea that making computer code public can make systems more secure. 

Uber’s “Treasure Map” details the ride-hailing company’s software infrastructure, identifies what sorts of data might be exposed inadvertently and suggests what types of flaws are the most likely to be found. 

“We’re wrapping up a lot of information and posting that to level the playing field so that it could be as easy for outside researchers to find flaws as us,” said Collin Greene, manager of security engineering at Uber. 

“That’s a level of confidence that you have not seen too many closed-source software companies take in the past, and I’m really hopeful that others will follow suit,” said Alex Rice, chief technology officer at HackerOne, which is managing Uber’s bounty program. 

HackerOne, a San Francisco rival called Bugcrowd and other startups have helped accelerate efforts to tap the independent security community to identify serious programming mistakes before criminals or spies do. A decade ago, hackers pointing out problems feared arrest but they can now earn modest sums from platforms like HackerOne.