Beginning on 8 February 2017, the hackers and research centres that were invited to take part in the preliminary stage will be participating in the newly announced bug bounty program of the Lufthansa Group. As soon as the bug bounty goes into effect, participants will be able to hunt down vulnerabilities (bugs) on www.worldshop.eu according to a predefined set of rules. Depending on the gravity of the reported vulnerability, a reward (bounty) will be paid out in the form of Miles & More miles.
“Our websites are an attractive target for cyber criminals. Data theft and trafficking have become a lucrative business. We want our customers to feel comfortable trusting us with their sensitive data, and the security of our customers has always been our top priority. We already have very high standards to protect customer information and want to improve them even more with this bug bounty program. The topic of data security has a very high priority for the entire Lufthansa Group,” says Andreas Dürkop, Vice President IT Security of the Lufthansa Group. “The best possible protection for sensitive customer information is also a fundamental part of the corporate identity of Miles & More.” The Lufthansa subsidiary Miles & More operates the Lufthansa WorldShop, among other things.
After a successful launch of the limited bug bounty program for www.worldshop.eu, every hackerone user will be able to participate. The bug bounty program will later be expanded to include other Lufthansa Group websites. At that point, all interested parties will be able to find additional information on the participation conditions and possible rewards on www.hackerone.com. However, legal representatives of the Lufthansa Group, current and former employees of the group and its associated companies as well as members of their immediate family may not participate.
While many high-profile companies offer bug bounty programs, they are not yet common in the aviation industry. Star Alliance partner United has already launched a bug bounty successfully. The Lufthansa Group is one of the first aviation companies in Europe to face the challenges of a bug bounty program.