News: Uber launches hacker reward program

WM Circle Logo

By: RickFerguson |

Posted on March 24, 2016

Loyalty and reward programmes are successful largely because they incorporate and act upon basic psychological drivers such as the need for we humans on Earth to feel rewarded and to be recognised. As such, the principles of reward and recognition can be applied not just to solve the customer loyalty equation, but also to solve a wide range of business problems. Consider, for example, the ride-sharing service Uber, which recently launched a loyalty promotion to encourage hackers to probe its software platform for bugs. The programme exhibits a number of best practices that other companies would do well to emulate.

The programme, unofficially named the Uber "Bug Bounty" programme, emerged from a successful private beta test to launch publicly. Put simply, the Bug Bounty programme rewards hackers for finding and notifying Uber of security flaws in its mobile applications and back-end software. Rewards are cash-based and can reach up to $10,000 for uncovering the most critical security issues. Here's how the programme works, courtesy of Uber:

  • The first reward programme season begins on May 1 and it will last 90 days.
  • Bounty hunters will be eligible for the reward programme once they have found four issues that have been accepted by Uber as genuine bugs.
  • If they find a fifth issue within the 90 day session, they will get an additional, bonus payout. This will be equivalent to 10% of the average payouts for all the other issues found in that session.

In addition to the cash rewards, Uber plans to make hackers feel like a part of the Uber security team by incorporating recognition elements:

  • Uber has created a treasure map guide to show security researchers how to find the different classes of bugs across our codebase.
  • The company will publicly disclose and highlight the highest-quality submissions so everyone can see the best examples of the kinds of issues that get rewarded.
  • Whenever feasible, Uber will provide researchers with access to new features at the same time that they roll them out to Uber employees.

That, folks, is classic reward and recognition, and the hacker community will no doubt respond favorably. The real secret sauce here is that Uber is involving the hacker community directly into its product development process and rewarding them for their participation. Other companies have crowd-sourced product development; Lego is famous for turning their most ardent fans into designers, and Dell's IdeaStorm site has long turned customer product suggestions into reality.

By welcoming the hacker and security community into the Uber inner sanctum with a solid reward and recognition offering, the company will build loyalty with that community while simultaneously building more secure, stable products to serve their global audience of riders and drivers. That's sophisticated loyalty marketing, and it should pay dividends for Uber for years to come.

- Rick Ferguson

More Info: