United Airlines Bug Bounty Program Payouts

Featured on Business Insider

The United Airlines Bug Bounty program permits independent researchers to discover and report security issues that affect the confidentiality, integrity and/or availability of customer or company information. The program rewards researchers with frequent flyer miles for being the first to discover a bug. Bounties range from 50,000 to 1,000,000 miles per bug depending on severity.

All of the bugs that I have submitted are zero-day web or mobile app vulnerabilties. 

100+ Bugs
20+ Million Miles

"Ryan is an exceptionally talented researcher and a big reason why our program has been so successful. His creative submissions have helped strengthen our security environment, and we are grateful for his partnership and professionalism."

‚Äč

Arlan McMillan

United's chief information security officer

This program strictly prohibits the use of vulnerability scans or automated scans on United servers (including scans using tools such as Acunetix, Core Impact or Nessus).

Donations

In late 2016, I donated 5 million miles to my alma mater, Georgia Tech. Those miles were used by student organizations that do charity work abroad such as Engineers Without Borders. This was the largest In-kind donation ever made by an undergraduate student. You can read about the story here.

In mid 2017, I donated 1 million miles to Eckerd Connects, a non-profit that helps struggling families. You can read about this story here.

In mid 2018, I donated 2.5 million miles to Make-a-Wish Foundation. This was the largest individual miles donation ever made to Make-a-Wish. You can read about this story here.

In mid 2019, I donated another 1.2 million miles to Make-a-Wish Foundation. My employer, Amazon, was participating in the Wishes in Flight miles drive, and I decided to match all employees' donations.