A security researcher has claimed that United Airlines failed to fix a severe bug in its mobile app even though he reported it to them five months ago. United Airlines launched its Bug Bounty programme six months ago to much media fanfare with the promise of paying bug finders in air miles rather than cold, hard cash. Two months after launching the scheme, the airline announced it had awarded one million air miles for one bug to security researcher Jordan Wiens. But according to Randy Westergren, a security researcher and senior software developer for XDA Developers, a vulnerability in an API endpoint he reported to the firm was met with silence for five months.
ORIGINAL SOURCE: SC Magazine