General Motors Started New Automotive Bug Bounty Program

General Motors employees and visitors watch a large video monitor outside the GM World Headquarters at the Renaissance Center in Detroit, Michigan to watch the GM 100-year celebration Tuesday, September 16, 2008. GM unveiled the production model Chevrolet Volt electric vehicle at part of the ceremonies. (Photo by Steve Fecht for General Motors)

General Motors have been working out how to produce their best for their customers. In an attempt to beef up their auto security, GM has announced another ‘Bug Bounty Program’ on Friday. They will be bringing in a few select ‘white-hat hackers’ to find bugs in the cars’ software.

General Motors Announces Bug Bounty Program

General Motors takes another step towards improving the security of their computerized cars. While delivering a speech at the Billington CyberSecurity Summit on Friday, Dan Ammann, President GM, announced a bug bounty program.

Reportedly, GM will hire a few ethical hackers to detect various bugs in their cars’ software. These hackers will receive a cash payment for each bug they detect in GM vehicles’ computers.

According to Dan Ammann,

“We’ll show them the products, programs, and systems for which we plan to establish these bug bounties. Then we’ll put them in a comfortable environment, ply them with pizza and Red Bull or whatever they might need … and turn them loose.”

In other words, GM will hand over the hardware to the hired researchers and will hope that in providing a comfortable environment for them these researchers can then work over several weeks finding problems in the system.

GM will hire a small team of white-hackers comprising around 10 members. For this, GM has already contacted a few researchers. As stated by Jeff Massimila, Vice President Global CyberSecurity at General Motors,

“They are white-hat researchers who we’ve established relationships with through our coordinated disclosure program.”

GM started its Coordinated Disclosure Program two years ago as an open program for all. However, GM did not pay the researchers who contributed to this program. Yet, it seems that those researchers who persistently helped GM will now get recognition for their work.

GM Will Employ The ‘Best Possible Team’ To Work On Their Systems

In his speech at the Summit held at Cobo Center in Detroit, Ammann explained why GM has planned for such an investment in auto security.

“One cyber incident could stymie (autonomous vehicle) deployment altogether, or at least delay it for a long time. The public and policymakers would view a major cybersecurity incident involving any one of us as an incident involving all of us,” said Ammann. “ The overall threat level and so on is only going to grow from here, which is why we’re putting so much energy and resources into getting ahead and staying ahead.”

Furthermore, he expressed the company’s plans to set up the ‘best-possible, most talented team’ to work on. It will also include third-party researchers.

“Not just inside the company but also taking advantage of third-party researchers, taking advantage of third-party expertise from multiple different places, working together across the industry to collaborate to make sure we have all the best minds working on this issue.”

However, the GM officials declined to comment regarding the amount they will pay to the researchers as bounty.

Let us know what you think in the comments section.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients