Teenager gets 1m air miles for discovering United bugs

Dutch security researcher gets mammoth payout as part of United Airlines' bug bounty programme

United Airlines has gifted a Dutch teenager with one million air miles after he discovered around 20 vulnerabilities in the company's systems.

According to the Dutch Broadcast Foundation, 19-year-old security researcher Oliver Beg used part of his reward to fly to the Black Hat and DEFCON security conferences in Las Vegas.

Advertisement - Article continues below

"There are a lot of hackers found vulnerabilities at United," he said. "For the most serious I got 250,000 miles." The round trip from Amsterdam to Las Vegas cost Beg 60,000 of his air miles, meaning that he could do the trip 15 more times and still have change left over.

The massive payout comes as part of United's bug bounty programme, which the company established last year. Bug bounties encourage security researchers to disclose flaws by offering rewards for reporting them and have been updated by major tech companies like Google, Facebook and - most recently - Apple.

However, while most companies simply offer cash rewards, United's programme offers air miles instead. This tactic has been criticised by some, who have suggested that researchers may not have as much use for air miles as for cold, hard cash.

On the other hand, Beg claimed that other attendees at the conferences had also travelled out using air miles from United's bounty programme. The company has already paid out bounties to several researchers, although only one other person has received a million-mile total.

Advertisement
Advertisement - Article continues below

Regardless of whether or not it's better to reward researchers with miles or money, the majority of experts agree that having some form of bug bounty programme is better than nothing.

Advertisement

Recommended

Visit/security/cyber-security/355185/165-million-britons-experienced-a-cyber-crime-in-the-past-year
cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Visit/cloud/amazon-web-services-aws/355183/aws-launches-amazon-detective
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020
Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020
Visit/software/video-conferencing/355180/zoom-does-not-use-end-to-end-encrypted
video conferencing

Zoom admits meetings don't use end-to-end encryption

1 Apr 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020
Visit/business-strategy/flexible-working/355186/why-were-lucky-covid-19-has-come-now
flexible working

Why we’re lucky COVID-19 has come now

3 Apr 2020