General Motors launched a vulnerability disclosure program last week, inviting researchers who find security vulnerabilities in GM products and services to submit a report via the HackerOne platform. The carmaker is currently not offering any rewards for reports.
According to a statement from a GM representative:
“There is not a specific list of products or services in scope. If a researcher has information related to security vulnerabilities in our products and services, we want to hear about it.”
General Motors is currently not offering any bug bounties, but the carmaker says it will continue to assess and adapt the program, and will consider recognition and incentive opportunities in the future.
GM also provided a set of guidelines for researchers who report security bugs to General Motors.
GM agrees to not pursue claims against researchers related to the disclosures submitted through this website who:
- do not cause harm to GM, our customers, or others;
- provide a detailed summary of the vulnerability, including the target, steps, tools, and artifacts used during discovery (the detailed summary will allow us to reproduce the vulnerability);
- do not compromise the privacy or safety of our customers and the operation of our services;
- do not violate any criminal law;
- do not violate any other law (other than those that would result only in claims by GM), or disrupt or compromise any data or vehicle that is not their own;
- publicly disclose vulnerability details only after GM confirms completed remediation of the vulnerability and not publicly disclose vulnerability details if there is no completion date or completion cannot be ascertained;
- confirm that they are not currently located in or otherwise ordinarily resident in Cuba, Iran, North Korea, Sudan, Syria or Crimea; and
- confirm that they are not on the U.S. Department of the Treasury’s Specially Designated Nationals List.
“GM takes cybersecurity very seriously, has devoted substantial resources to address it, and continues to do so,” GM said in an emailed statement.
According to the GM statement:
We also value the work of third party researchers, and want to hear directly from anyone who finds a security vulnerability in one of our products or services.