Tesla to Give a Model 3 to Whoever Hacks Its Car

And they only have to pay for successful hacks—saving an enormous amount of money on testing—, and contests like these play into the satisfaction so-called whitehat hackers get from breaking into software in a constructive way.

The first bug bounty was offered by Netscape back in 1995, who said, “By rewarding users for quickly identifying and reporting bugs back to us, this program will encourage an extensive, open review of Netscape Navigator 2.0 and will help us to continue to create products of the highest quality.”

Other vendors were slow to adopt the unorthodox model and for years the idea of bug bounties failed to catch on while software vulnerabilities remained unaddressed.

[see-also]

Over time, however, companies began to catch on. Whitehats continued to report vulnerabilities in large enterprise software. Conferences such as DefCon worked to educate software companies about the need for such programs and soon these companies began to listen.

In 2004, Mozilla Firefox began offering $500 for whitehats who found critical security flaws in their browser.

Another big breakthrough came in 2007, with the introduction of the Pwn2Own contest, which originally set out to identify security vulnerabilities in the macOS X operating system as a way to wake up Apple to the need for better security measures.

The popularity of these contests began to wake up industry titans to their utility.

In 2010, Google announced its own security vulnerability program for its web applications and Facebook followed a year later with its whitehat program, offering a minimum $500 reward for vulnerabilities reported to the company and no maximum limit on the reward offered. The program is still going, having paid out more than $2 million so far.

Tesla Ups the Ante at Pwn2Own

Tesla’s four year old bug bounty program is already a huge success. Tesla has a very generous payout structure already, with its maximum reward per reported vulnerability being $15,000, and they’ve payed out hundreds of thousands of dollars in bounties so far.

What’s more, they’ve encouraged people to dig into their systems for weaknesses, reporting that hacking Tesla’s system—if done for legal bug bounty purposes—will not void the warranty on your car.

As long as your work complies with our bug bounty policy, Tesla will not void your warranty if you hack our software https://t.co/HhibE1UpRC https://t.co/NIISSrrViD

— Tesla (@Tesla) September 5, 2018

Giving away a Model 3 seems like the next logical step for the automaker. By dedicating itself to ensuring the safest possible system in their Model 3’s, Tesla’s Pwn2Own participation and reward of a Model 3 to the winner, will only make the Model 3—and everyone else on the road with them—safer as a result.