General Motors Doubles Cybersecurity Efforts with Bount Bounty Program



<div _ngcontent-c14 = "" innerhtml = "

Dan Ammann, President of General Motors. (Image credit: Patrick T. Fallon / Bloomberg)

General Motors president Dan Ammann said Friday that the company would ask a group of security researchers to look for security bugs and vulnerabilities in its products. The Detroit News reported that Ammann disclosed:

GM plans to offer a cash payment for every "bug" found in this & nbsp; new Bug Bounty program.

We will show them the products, programs and systems for which we plan to build these bug premiums, "Ammann said." Then we'll put them in a comfortable environment & nbsp; – & nbsp; we'll serve them pizza and Red Bull or whatever else they may need & nbsp; – & nbsp; and we will free them. "

Encouraging outsiders to search for loopholes is a counter-intuitive but common safety technique. Similar to a beta test program, the goal is that user-friendly "white hat" hackers could identify issues related to GM products, share those findings with the company and give GM time to resolve them.

The next Bug Bounty program seems to follow a similar program launched by General Motors in 2016, in partnership with the security platform HackerOne. As part of this program, GM is committed to not prosecuting security researchers for pirating GM products, provided that they comply with a number of provisions, such as do not reveal the vulnerability until GM has presented a solution.

The program announced by Ammann on Friday seems more focused than the previous GM Bug Bounty program in 2016. & nbsp;Latest hacking news reports that only about 10 security researchers will participate. However, the selected team of researchers will benefit from privileged access to GM products and systems, as well as additional support from the company, in the form of: "pizza and Red Bull or whatever they could need, "according to Ammann.

The safety of autonomous ride-on vehicles is a complex problem. These vehicles will have both digital and physical "attack surfaces", industrial term for points where a hacker could enter the system. By definition, autonomous carpooling provides passengers with physical access to a shared vehicle, in the absence of a driver or human operator. A malicious user could exploit this unsupervised physical access to retrieve data on previous passengers or alter the experience of future passengers.

To combat these security problems, car companies are working on security measures ranging from monitor the interior of a vehicle at locking network access.

Reports do not indicate that Ammann enumerated the specific approaches adopted by General Motors, but he stressed the importance of the issue:

A cyber incident can hinder the deployment (autonomous vehicle) or, at least, delay it. The public and policy makers would consider a major cybersecurity incident involving one of us as an incident involving each of us. "

">

Dan Ammann, President of General Motors. (Image credit: Patrick T. Fallon / Bloomberg)

General Motors president Dan Ammann said Friday that the company would ask a group of security researchers to look for security bugs and vulnerabilities in its products. The Detroit News reported that Ammann disclosed:

GM plans to offer a cash payment for every "bug" found in this new Bug Bounty program.

We'll show them the products, programs, and systems we're planning to set these bug premiums on, "said Ammann," and then we'll put them in a comfortable environment – use pizzas, Red Bull, or whatever you can to need – and detach them. "

Encouraging outsiders to search for loopholes is a counter-intuitive but common safety technique. Similar to a beta testing program, the goal is for friendly hackers to identify problems with GM products, share them with the company, and give them the time to resolve them.

The next Bug Bounty program appears to follow a similar program launched by General Motors in 2016, in partnership with the HackerOne security platform. As part of this program, GM is committed to not prosecuting security researchers for pirating GM products, provided that they comply with a number of provisions, such as do not reveal the vulnerability until GM has presented a solution.

The program announced by Ammann on Friday seems more focused than the previous GM Bug Bounty program in 2016. Latest hacking news reports that only about 10 security researchers will participate. However, the team of selected researchers will benefit from privileged access to GM products and systems, as well as additional support from the company, in the form of "pizza and Red Bull" or whatever they might need, "according to Ammann.

The safety of autonomous ride-on vehicles is a complex problem. These vehicles will have both digital and physical "attack surfaces", an industrial term for points where a hacker could enter the system. By definition, autonomous carpooling provides passengers with physical access to a shared vehicle, in the absence of a driver or human operator. A malicious user could exploit this unsupervised physical access to retrieve data on previous passengers or alter the experience of future passengers.

To combat these safety problems, car manufacturers are working on safety measures ranging from monitoring the interior of a vehicle to closing the access to the network.

Reports do not indicate that Ammann enumerated the specific approaches adopted by General Motors, but he stressed the importance of the issue:

A cyber incident can hinder the deployment (autonomous vehicle) or, at least, delay it. The public and policy makers would consider a major cybersecurity incident involving one of us as an incident involving each of us. "