Skip to main content

Uber Launches First of its Kind Hacker Loyalty Program with HackerOne Bonuses

  • March 22nd , 2016

We are excited to share that Uber is launching its public bug bounty program today on HackerOne. Additionally, Uber and HackerOne collaborated to create a new way of rewarding hackers called bonuses, which enables security teams to give additional monetary awards to hackers beyond initial bounties. The Uber loyalty program will utilize HackerOne bonuses for additional incentives in its public program.

HackerOne & Uber

The Uber loyalty program begins on May 1, and runs for a 90 day season. Uber's first-of-its-kind loyalty program offers hackers even more opportunities to earn rewards. Within the season, a hacker begins earning a bonus for the 5th resolved issue that earns a bounty. The bonus amount will be calculated by taking 10% of the average of the first four bounties awarded to the hacker. The hacker will continue earning bonuses for additional resolved and rewarded issues until the end of the season. With this loyalty program, Uber is rewarding hackers for continuing to focus on its program.

The bonuses feature is available for immediate use by any team hosting a bounty program on HackerOne. Bonuses can be used to recognize hackers for positive actions beyond finding valid vulnerabilities. The new feature creates more ways for hackers to earn rewards on HackerOne, and for security teams to offer more flexible incentives. In addition to Uber's loyalty program, below are some ways that companies can use HackerOne Bonuses.

High Quality Report Bonus

Did you receive a report from a hacker that was exceptionally useful? Reward a bonus in addition to the bounty, to show them that they went above and beyond the call of duty. Teams can also publicly disclose these reports to show other hackers the kind of report that can earn a bonus.

Specific Request Bonus

Did a hacker help you verify that an issue was resolved appropriately, or format the report according to your instructions? Awarding a bonus is a great way to positively reinforce the kind of behavior you find most helpful from hackers.

Promotion Bonus

The bonus feature makes it easy for teams to run a promotion during a specific time frame, or add extra incentives for issues found within a desired product or feature. Use bonuses to offer additional incentives to focus hackers on the scope you care about most.

Getting Started with Bonuses

When you resolve a report in HackerOne, you will now see a new field next to the bounty reward field where you can assign a bonus. For public programs, awarded bonuses will display in the hacktivity stream. Teams can easily track bonus rewards and top contributors without impacting the market rates for vulnerabilities. Bonuses earned do not impact hacker reputation.

Bonus feature

If you have other ideas for how to use bonuses or feedback about the feature, we'd love to hear from you. As always, please feel free to contact us at feedback@hackerone.com. For specifics on Uber's program, like the treasure map, check out Uber's blog and the Uber security page.

Recent articles

Announcing The Largest DoD bug bounty challenge ever: Hack The Air Force

The Air Force is asking hackers to take their best shot following the success of Hack the Pentagon and Hack the…

Zero Daily Newsletter: Fun, yet informative, AppSec, bug bounty, and hacker news

Read the news every day, and check the usual websites? Want to get your industry news and have a little humor…

More Hardware, More Problems

Bounties are for hardware, too. Microwaves notwithstanding, there is an increasing amount of connected…