FCA US Launches 'Bug Bounty' Program To Advance Vehicle Cybersecurity
OE

FCA US Launches ‘Bug Bounty’ Program To Advance Vehicle Cybersecurity

FCA US says it is the first full-line automaker to offer "bug bounty" financial rewards for discovery of potential vehicle cybersecurity vulnerabilities.

FCA - LogoTo address the rapidly increasing convergence between connectivity technology and the automotive industry, FCA US LLC has announced the launch of a public “bug bounty” program on the Bugcrowd platform to enhance the safety and security of its consumers, their vehicles and connected services.

“There are a lot of people who like to tinker with their vehicles or tinker with IT systems,” said Titus Melnyk, senior manager – security architecture, FCA US LLC. “We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers.”

The FCA US bug bounty program leverages Bugcrowd’s crowdsourced community of cybersecurity researchers to promote a public channel for responsible disclosure of potential vulnerabilities. FCA US said it believes the program is one of the best ways to address the cybersecurity challenges created by the convergence of technology and the automotive industry. The Bugcrowd program gives FCA US the ability to: identify potential product security vulnerabilities; implement fixes and/or mitigating controls after sufficient testing has occurred; improve the safety and security of FCA US vehicles and connected services; and foster a spirit of transparency and cooperation within the cybersecurity community.

“Exposing or publicizing vulnerabilities for the singular purpose of grabbing headlines or fame does little to protect the consumer,” added Melnyk. “Rather, we want to reward security researchers for the time and effort, which ultimately benefits us all.”

Bugcrowd manages all reward payouts, which are scaled based upon the criticality of the product security vulnerability identified, and the scope of impacted users. A reported vulnerability could earn a bug bounty of $150 to $1,500.

“Automotive cybersafety is real, critical and here to stay. Car manufacturers have the opportunity to engage the community of hackers that is already at the table and ready to help, and FCA US is the first full-line automaker to optimize that relationship through its paid bounty program,” said Casey Ellis, CEO and founder of Bugcrowd. “The consumer is starting to understand that these days the car is basically a two-ton computer. FCA US customers are the real winners of this bounty program; they’re receiving an even safer and more secure product both now and into the future.”

FCA US said it may make research findings public, based upon the nature of the potential vulnerability identified and the scope of impacted users, if any. Last year, FCA US contacted customers about a potential vulnerability associated with certain radios; provided the software update and permanently closed remote access to the open port on the radio, eliminating the risk of any long-range remote hacking – all before issuing a recall.

“The safety and security of our consumers and their vehicles is our highest priority,” said Sandra Hosler, cybersecurity system responsible, FCA US LLC. “Building on a culture of safety, FCA US has developed a cross-functional team comprised of engineering, safety, regulatory affairs and connected vehicle specialists who are dedicated to collaboration and engagement with a wide range of industry professionals to build security into our vehicles and products by design.”

You May Also Like

Vehicle Quality Trending in the Wrong Direction: JD Power

From cupholders and door handles to ADAS features, reported problems are rising at record levels.

The proliferation of technology in today’s vehicles might be coming at a cost.

According to J.D. Power’s 2023 U.S. Initial Quality Study, the number of problems per 100 vehicles (PP100) has gone up by a record 30 PP100 over the past two years – suggesting that quality is taking a backseat to innovation in the auto industry.

Japanese-Brand Automakers in US: $60.4B in Plants, 2.29M Jobs

New data highlights Japanese-brand automakers’ contributions to the U.S. economy and workforce.

Toyota Transforms Alabama Engine Plant with Clean Energy

Toyota, Toyota Tsusho America and Huntsville Utilities announce 168-acre solar project.

IIHS Strengthens Requirements for TOP SAFETY PICK Awards

Only 48 models qualify for 2023 awards thanks to stiffer requirements for headlights and side crash protection.

Magna Wins GM Battery Enclosures Business 

Magna will supply battery enclosures for the all-new 2024 Chevrolet Silverado EV.

Other Posts
Magna’s ClearView Vision System Comes to Market on Ram Truck

The product combines interior and exterior mirrors, cameras, electronics and software.

Bridgestone Partners with Lamborghini on Supercar Run-Flat

Bridgestone says the Dueler All-Terrain AT002 is the first supercar all-terrain tire featuring run-flat technology.

BASF Color Report: Automotive Color Rainbow is Expanding 

While white and black still win, chromatic colors gain market share around the globe.

Car, Truck & Utility Vehicle of the Year Announced

Winners were selected after hundreds of hours of test driving, research and evaluation.