General Motors turns key on bug bounty program
General Motors (GM) has opened a bug bounty program to allow hackers to report vulnerabilities in its vehicles.
Vulnerability reporting guidelines are stringent; GM agrees not to “pursue claims” against researchers if bug hunters do not harm or violate the privacy of GM or its customers, drop a zero day, or breach criminal law.
The bounty launched late last week will be a complex beast for GM given the number of vendors supplying software components to vehicles. Overseeing the program is GM cyber-security boss Jeffrey Massimilla appointed in 2014.