Tesla Increased the value of its Bug Bounty Program to $10,000

Tesla Increased the value of its Bug Bounty Program to $10,000

Tesla’s CTO JB Straubel showed up on stage at DEF CON in Las Vegas to salute to the researchers Marc Rogers and Kevin Mahaffey who uncovered six serious vulns in the Tesla Model S sedan. The researcher where able to get root access to the Tesla´s system, lock and unlock the car and even activate the emergency brake. The researchers chose the car because "Tesla Model S is an archetype for what all cars will look like in the future."

Tesla increased the value of its bug bounty program to a maximum of $10,000 if a researcher find a command injection flaw or a vertical privilege escalation.

Tesla will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, Tesla will not take legal action against you nor ask law enforcement to investigate you providing you comply with the following Responsible Disclosure Guidelines:

• Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC)
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services
  • Do not modify or access data that does not belong to you
  • Give Tesla a reasonable time to correct the issue before making any information public

Reference(s):

http://www.theregister.co.uk/2015/08/09/tesla_cto_increases_bug_bounty/