FCA is offering a "bug bounty" program that will provide a financial reward to those who can identify vulnerabilities that would affect the safety and security of its vehicles and connected services.
The company will offer up to $1,500 for each bug depending on the severity through the Bugcrowd platform.
The FCA US bug bounty program leverages Bugcrowd's crowdsourced community of cybersecurity researchers to promote a public channel for responsible disclosure of potential vulnerabilities. FCA US believes that the program is one of the best ways to address the cybersecurity challenges created by the convergence of technology and the automotive industry, the company announced.
The Bugcrowd program gives FCA US the ability to identify potential product security vulnerabilities, implement fixes or controls after sufficient testing has occurred, improve the safety and security of FCA US vehicles and connected services, and foster a spirit of transparency and cooperation within the cybersecurity community, FCA announced.
"Exposing or publicizing vulnerabilities for the singular purpose of grabbing headlines or fame does little to protect the consumer," said Titus Melnyk, FCA's senior manager of security architecture. "Rather, we want to reward security researchers for the time and effort, which ultimately benefits us all."
Bugcrowd will manage the reward payouts, which are scaled based upon the nature of the product security vulnerability identified and the scope of impacted users. A reported vulnerability could earn a bug bounty of $150 to $1,500.
For more information, visit the FCA Bugcrowd page.