Serge Pastukhov & Martin Georgiev, Security Engineering Abstract Understanding the health of the vulnerability management program is the key to managing risk in the company. Metrics need to be able to address the needs of various audiences — engineering teams, security leadership, executive leadership. Vulnerability scanners are used by many companies to identify vulnerabilities on company assets. Usually these scanners provide you with the metrics that look like time-series charts of the total number of vulnerabilities over time, or total risk over time or something similar. Above is an ..read more

Divyashree Joshi, Senior Security Engineer, Product Security Hello Hackers! We know it’s been a while since you last heard from our team, but we can assure you that it was well worth the wait! With COVID introducing new safety and travel restrictions everywhere, we have missed throwing some amazing live hacking events and hanging out with you all! 2020 has been interesting, and we’ve seen some new faces and unique exploits. Today, we are absolutely thrilled to announce Uber’s April Promo Event! Get ready for multipliers, bonuses, and last but not least, a highly coveted interview with our ..read more

By John Turner, Staff Security Technologist & Vinay Venkateswara Rao, Senior Security Technologist For Uber, cybersecurity isn’t just talk, it’s also taking action to pursue our mission of being a trusted resource for users in every market where we operate. One way Uber does this is through our Bug Bounty programs on HackerOne, where security researchers from around the world help us make our platform safer by identifying and helping resolve vulnerabilities. Uber launched its public bug bounty program over 5 years ago, in 2016. Since that launch, Uber’s Security and Engineering teams have ..read more

By Zach Singleton, Group Product Manager, Privacy & Anurag Naidu, Engineering Manager, Privacy Data Privacy Week is an important time of the year, and for the last few years, we’ve participated with others in the industry to raise awareness among our users about the choices they have to manage their privacy, and remind them of our commitment to taking a principled approach. This year we are taking things a step further, and we’re excited to announce Uber’s new “Privacy Center”, as well as multiple other new features and enhancements. Privacy Center is our new centralized hub for rider ..read more

Ruby Zefo, Chief Privacy Officer, Uber Today, Uber filed a lawsuit against the Los Angeles Department of Transportation (LADOT) to contest their unlawful implementation of the Mobility Data Specification (MDS), which allows the City to access and collect the location coordinates of JUMP riders in real time, putting their personal privacy at risk. This is not a decision we take lightly, and not a step we wanted to take, but after eighteen months of searching for a compromise, LADOT refuses to address the fundamental privacy concerns raised by us and independent experts. In view of th ..read more

Continuing our spotlight series, featuring two of our bug bounty winners from our April promo event. Last week, we announced the conclusion of our April bug bounty event and shared our conversation with hacker extraordinaire and winner (@whoareme). This week, we’re spotlighting our other winning team, @hunt4p1zza and @pmnh, who worked together for this event and took home $9,750, respectively. Read on to learn more about their personal and professional journeys through hacking. HUNT4P1ZZA Nick, aka @hunt4p1zza, is a pentester and consultant in the Infosec field for over 5 years. When ..read more

Sharing updates from our promo event and spotlighting our top hackers. Divyashree Joshi, Senior Security Engineer, Product Security In April 2021, Uber ran its Bug Bounty Promo event in partnership with HackerOne. This event was made successful with participation from all our valued researchers! We received 37 submissions, 6 of which were for high-severity vulnerabilities. We paid out a total of $45,500. In a new twist, we ran scripted Proof of Concepts for the very first time on our program and received 14 scripted POCs from our researchers! We saw some amazing bugs and we are ..read more

Matt Olsen, Chief Trust & Security Officer October is Security Awareness Month and I’m lucky to also be celebrating my first year at Uber. As we focus on our security program this month, over the next few weeks our riders will see simple tips from our security experts in the Uber app, such as how to use two-step verification to protect your account from unauthorized logins. Check out these simple security tips from our team in your Uber app during Security Awareness Month I joined Uber just over a year ago to lead a rapidly growing team of security experts with a range of skills and e ..read more

Ruby Zefo, Chief Privacy Officer, Uber When January 28 arrives every year, Uber has joined many other companies and individuals in celebrating Data Privacy Day. Data Privacy Day was created to commemorate the signing of Convention 108, the first legally binding international treaty to address privacy and data protection. For Uber and many others, it is a day dedicated to increasing awareness about the importance of respecting privacy, safeguarding data, and enabling trust. This January, our global team of privacy professionals has created some special internal and external activities, inc ..read more

Zach Singleton, Senior Product Manager, Privacy Engineering Today, we’re introducing two more privacy features to our trip experience. First, we’re launching “View as Driver,” which shows riders what their driver sees about them at every stage of their trip. We’re also launching “Profile Data Expiration,” a feature that removes certain personal information about drivers from post-ride receipts. These are the latest in a series of features designed to make riders and drivers feel more secure and confident when using Uber, and we’ve just begun rolling them out across the US and Canada. Here ..read more