2015 was the year the public perception of automobile safety changed forever… Chris Valasek and Charlie Miller’s notorious Jeep Cherokee hack transformed the idea of the humble automobile into a 2-tonne computer that can be hacked just like any other. In recent years, automakers are realising that hackers just like Charlie and Chris are already at the table, ready and willing to help, and are leveraging the work coming out of this community to make their products safer from cyber threats.
We are excited to announce that Fiat Chrysler Automobiles is joining the ranks of those pioneering this relationship, by becoming one of the first automakers to launch a bug bounty program.
FCA US has always made the security of their cars a top priority, standardizing and innovating security features since 1924 and, notably, in 1988 being the first automotive company to make airbags standard. As the attack surface of cars has expanded from just the physical realm to the cyber world, they take a new approach to product security in their commitment to helping keep drivers and passengers safe. Hear more about the Fiat Chrysler bug bounty.
“We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix it before it becomes an issue for our consumers.”
– Titus Melnyk, Senior Manager, Security Architecture, FCA US.
To that end, Fiat Chrysler has turned to Bugcrowd to tap into the collective creativity of our 30,000+ security researchers, as well as those who aren’t yet members of the Bugcrowd community. Bugcrowd is excited to be part of this historic advancement in automotive security and looks forward to supporting the Fiat Chrysler bug bounty program both now and into the future.
You can read additional details on the partnership in the press release we issued today.
Fiat Chrysler Bug Bounty Program Details
- The FCA public bug bounty program is focused on their connected vehicles, including the systems within them, and the external services and applications that interact with them.
- Rewards scope – $150 to $1,500
- Requires explicit permission to disclose the results of a submission
- FCA’s program page is available here
Going to DEFCON this year? We’re teaming up with Fiat Chrysler to sponsor the Car Hacking Village as well as hosting the Car Hacking Village CTF.
FCA joins hundreds of innovative companies running both public and private bug bounties such as Tesla, Western Union, Pinterest and Barracuda. Read more about the companies participating in bug bounties and the security researcher community in our 2016 State of Bug Bounty Report.