Cal Energy to award up to $4M for off-road heavy-duty natural gas vehicle research and development
2016 Billion Ton Report shows US could sustainably produce at least 1B tons biomass by 2040 for bioeconomy

FCA US launches bug bounty program to advance vehicle cybersecurity

Reflecting the rapidly increasing convergence of connectivity technology and the automotive industry, FCA US LLC has launched a public bug bounty program on the Bugcrowd platform to enhance the safety and security of its consumers, their vehicles and connected services.

There are a lot of people that like to tinker with their vehicles or tinker with IT systems. We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers.

—Titus Melnyk, senior manager - security architecture, FCA US LLC

The FCA US bug bounty program leverages Bugcrowd’s crowdsourced community of cybersecurity researchers to promote a public channel for responsible disclosure of potential vulnerabilities. FCA US believes that the program is one of the best ways to address the cybersecurity challenges created by the convergence of technology and the automotive industry.

The Bugcrowd program gives FCA US the ability to: identify potential product security vulnerabilities; implement fixes and/or mitigating controls after sufficient testing has occurred; improve the safety and security of FCA US vehicles and connected services; and foster a spirit of transparency and cooperation within the cybersecurity community.

Bugcrowd manages all reward payouts, which are scaled based upon the criticality of the product security vulnerability identified, and the scope of impacted users. A reported vulnerability could earn a bug bounty of $150 to $1,500.

Automotive cybersafety is real, critical, and here to stay. Car manufacturers have the opportunity to engage the community of hackers that is already at the table and ready to help, and FCA US is the first full-line automaker to optimize that relationship through its paid bounty program.

The consumer is starting to understand that these days the car is basically a two ton computer. FCA US customers are the real winners of this bounty program; they’re receiving an even safer and more secure product both now and into the future.

—Casey Ellis, CEO and founder of Bugcrowd

FCA US may make research findings public, based upon the nature of the potential vulnerability identified and the scope of impacted users, if any. Last year, FCA US contacted customers about a potential vulnerability associated with certain radios; provided the software update and permanently closed remote access to the open port on the radio, eliminating the risk of any long-range remote hacking—all before issuing a recall.

The safety and security of our consumers and their vehicles is our highest priority. Building on a culture of safety, FCA US has developed a cross-functional team comprising engineering, safety, regulatory affairs, and connected vehicle specialists who are dedicated to collaboration and engagement with a wide range of industry professionals to build security into our vehicles and products by design.

—Sandra Hosler, cybersecurity system responsible, FCA US

The pioneer and innovator in crowdsourced security testing for the enterprise, Bugcrowd harnesses the power of more than 30,000 security researchers to surface critical software vulnerabilities and level the playing field in cybersecurity.

Bugcrowd also provides a range of responsible disclosure and managed service options that allow companies to commission a customized security testing program that fits their specific requirements.

Bugcrowd’s proprietary vulnerability disclosure platform is deployed by Tesla Motors, The Western Union Company, Pinterest, Barracuda Networks and Jet.com. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Venture Capital, Industry Ventures, Paladin Capital Group, Rally Ventures and Salesforce Ventures.

Comments

The comments to this entry are closed.