Chicago Auto Show Blog

Chrysler Says, "Hack Away!"

Posted by: Mark Bilek

Uconnect-Pacifica-500Fiat Chrysler Automobiles (FCA) is offering a "bug bounty" financial reward for discovery of potential vehicle cybersecurity vulnerabilities. How much? Up to $1,500 bounty paid per bug, depending on impact and severity.

Reflecting the rise of connectivity technology in the automotive industry, the FCA program is using the Bugcrowd platform to enhance the safety and security of its consumers, their vehicles and connected services.

"There are a lot of people that like to tinker with their vehicles or tinker with IT systems," said Titus Melnyk, senior manager - security architecture, FCA US LLC.  "We want to encourage independent security researchers to reach out to us and share what they've found so that we can fix potential vulnerabilities before they're an issue for our consumers."

FCA believes that the program is one of the best ways to address the cybersecurity challenges created by the convergence of technology and the automotive industry. The Bugcrowd program gives FCA the ability to: identify potential product security vulnerabilities; implement fixes and/or mitigating controls after sufficient testing has occurred; improve the safety and security of FCA vehicles and connected services; and foster a spirit of transparency and cooperation within the cybersecurity community.

Bugcrowd manages all reward payouts, which are scaled based upon the criticality of the product security vulnerability identified, and the scope of impacted users. The FCA bug bounty program leverages Bugcrowd's crowdsourced community of cybersecurity researchers to promote a public channel for responsible disclosure of potential vulnerabilities. For more information visit, or watch the informational video below.

« Last Post Next Post »

View all Posts from this Blog