An anonymous reader writes about Uber's newly announced bug bounty program: Taxi aggregator service says it is willing to pay security researchers thousands of dollars if they are able to find vulnerabilities in its apps and websites. The company says that it will reward security researchers who are able to deface its homepage or expose users' email addresses a sum of $5,000. A sophisticated breach, which presumably allows an attacker to get hold of Uber accounts, or facilitate execution of malicious code on an Uber production server will grant him or her up to $10,000. From a TechCrunch report, "Uber's program has several unique components. First of all, it's trying to be as direct as possible with researchers when it comes to ground rules and payments. Greene says one of the issues that researchers/hackers have with these programs is that the payment system can be capricious. Someone finds a bug and a negotiation commences over how valuable it its. He says that this program is going to be crystal clear about what Uber will pay, offering up to $10,000 for a critical bug. Secondly, the company wants to reward loyal researchers, who report lots of bugs, so they are setting up a loyalty program."