GM Launches “Bug Bounty” Program for Hackers

General Motors Co. is turning to a small group of independent “white-hat” researchers to help it find and fix software glitches that might allow unauthorized access to a vehicle.

The initiative, which will begin later this summer, will include about 10 hackers. GM officials will meet with the group in Michigan to discuss key products and programs, then turn the hackers loose to uncover bugs and vulnerabilities.

Hackers will be paid for each bug they find. This could include “large sums of money” based on the severity of the risk identified, Jeff Massimilla, GM vice president of global cybersecurity, tells Automotive News.

The bounty program was announced by GM President Dan Ammann at the second annual Billington Automotive Cyber Security Summit in Detroit. The project builds on a similar effort GM launched in early 2016. That initiative involves some 500 hackers who have identified more than 700 vulnerabilities, according to the carmaker.

GM also uses in-house employees and third-party contractors to troubleshoot software risks, and is involved in industry consortiums.

Ammann says GM has reengineered its vehicle development process to include cybersecurity from the early phases of design, putting multiple layers of protection in place to defend the vehicle and its systems. This includes threat monitoring, detection and response capabilities the company constantly tests and refines.