Please hack my car – Is bug bounty an appropriate way of testing autonomous vehicles?
The Keynote Theatre
Wed 26th Sep 01:00 to 01:30
Crowdsourcing the identification of vulnerabilities is attractive and has led to the development of bug bounty programmes. These programmes provide recognition to researchers for reporting vulnerabilities. Bug bounty programmes are being launched at a remarkable pace, with evidence of both good and bad practice. Currently there is no definition of good practice, no guidelines for those procuring bug bounty programmes, and no support or guidance for researchers. There is also no clear view on the appropriateness of using such programmes to test safety-critical systems such as those used on autonomous vehicles.
Would you be comfortable travelling in an autonomous vehicle where suppliers are actively allowing the vehicle to be hacked, or do you feel more confident travelling in a vehicle that has been openly tested by the crowd?
What you will take away from this session
- There is a need for good practice guidance in the use of bug bounty programmes for procurers, suppliers and researchers
- Some form of regulation is likely if the industry does not put in place appropriate controls
- It is not as easy as you might think to set up, manage, triage and turn off a bug bounty programme
- A way must be found to harness the crowd but ensure the safety and security of the individual is not compromised