General Motors turns key on bug bounty program

General Motors (GM) has opened a bug bounty program to allow hackers to report vulnerabilities in its vehicles.

Vulnerability reporting guidelines are stringent; GM agrees not to “pursue claims” against researchers if bug hunters do not harm or violate the privacy of GM or its customers, drop a zero day, or breach criminal law.

The bounty launched late last week will be a complex beast for GM given the number of vendors supplying software components to vehicles. Overseeing the program is GM cyber-security boss Jeffrey Massimilla appointed in 2014.