# Does Uber reward bug bounties? If we find a problem, how long for 500+ engineers to fix? Fake surge



## Kuber (Oct 8, 2015)

I noticed this before and told Uber. When on a boost trip, get a ping- will show boost (looks like a surge). Do the ride to find out no surge. Contact help and they don’t see surge/boost, so no cash pal.

BUT IT SHOWED IN THE APP. Probably a mistaken variable call in the app.

Where do I collect my bug bounty?


----------



## thatridesharegirl (Jul 7, 2016)

Pics or it didn't happen.

Also, YOUR 'BUG' = UBER'S 'FEATURE'


----------



## Hogg (Feb 7, 2016)

Sometimes they offer rewards for informtion on bugs, then refuse to pay you and ignore the problem until hackers exploit it and force them to pay $100,000. Then they fire their CSO.


----------



## Mista T (Aug 16, 2017)

What makes you think that it was a bug?

Uber got you to drive, didn't they? Seems like it worked to me.


----------



## Jo3030 (Jan 2, 2016)

It's always in Uber's favor.
Always.


----------



## beezlewaxin (Feb 10, 2015)

Your bug is probably "Out of Scope" but you should read about Uber's bug bounty program yourself by going to this site:

https://hackerone.com/uber

Here is the current policy, copied from that site (some parts removed due to forum post length restrictions. Please click the link for the uneditted page)



> *Policy*
> The scope for Uber's bug bounty program is focused on securing the data of our users. Therefore, our approach is to evaluate any given report based on the specific security impact for users (versus domain + vulnerability class). Below we describe the various security impact buckets that are in-scope, examples of vulnerability types, and domains that could potentially have meaningful security impact.
> 
> Bounty awards are not additive and are subject to change as our internal environment evolves. We determine the upper bound for security impact and award based on that impact. Prior bounty amounts awarded are not precedent for future payments.
> ...


Here is Uber's newsroom clip about it:
https://www.uber.com/newsroom/bug-bounty-program/

From that clip:

Uber has created a treasure map guide to show security researchers how to find the different classes of bugs across our codebase. This will be regularly updated.


----------



## HazardousDescent (Jul 25, 2016)

https://medium.com/bread-and-circus...rom-the-uber-security-bug-bounty-aa9646aa103f


----------



## Skepticaldriver (Mar 5, 2017)

Bug bounties are for when uber is going to be exploited. What op described was a driver being exploited which is ubers primary objective.


----------

