When a pair of hackers exposed security flaws a year ago in a Jeep Cherokee, Fiat Chrysler could have responded by trying to keep other hackers away from its products with intimidation or lawsuits. The demo led to a 1.4-million-vehicle recall, after all. But instead, the company is trying a smarter approach: offering to pay for hacks.
On Wednesday the Italian-owned Detroit automaker announced that it will pay “bounties” of as much as $1,500 to security researchers who alert the company to hackable flaws in its software. That makes the company the first major carmaker to officially shell out dollars in exchange for security vulnerability information, a sign of Detroit’s growing awareness of the looming threat of digital attacks on vehicles. “It’s a very big move,” says Casey Ellis, the CEO of Bugcrowd, the firm running Fiat Chrysler’s bug bounty program. “This is basically creating normalcy around the dialogue between hackers and vehicle manufacturers for the purposes of making vehicles safer.”