We’re really happy to see companies getting serious about rewarding white hat hackers. The latest example of this is when [Jordan Wiens] submitted two bugs and was awarded 1,000,000 Sky Miles on United Airlines.
The bounty is so high because he uncovered a method of remote code execution which United has since patched. Unfortunately, United requires bug secrecy so we’re not getting any of the gritty details like we have for some of the recently discovered Facebook vulnerabilities. That’s really too bad because sharing the knowledge about what went wrong helps programmers learn to avoid it in the future. But we still give United a big nod for making this kind of work and responsible reporting worthwhile. [Jordan] did an AMA last night which covered some more general hacking questions.
If you want to turn your leet skills into free travel you need to be a MileagePlus member and not reside in a US sanctioned country. Details on United’s Bug Bounty page.