back to article Generous Fiat Chrysler offers $1,500 for car security bugs – or two minutes of annual profit

Fiat Chrysler has finally got around to offering a bounty on bugs found in its cars. But the scheme is unlikely to get any takers considering the pitiful amount of money on offer. Last year car-hacking artistes Charlie Miller and Chris Valasek took remote control of the engine, brakes, and minor systems of such Fiat Chrysler …

  1. Sebastian A
    Facepalm

    They're only shooting themselves in the foot with this approach. The bounty means they admit there's a good chance there are bugs, and the lowball price means it'd be far more profitable to exploit it rather than turn it in.

    Who makes these decisions, and what are they thinking?

    1. quxinot Silver badge

      Seb, have you ever driven a chrysler product?

      Software bounties is the least of their worries.

  2. Mark 85 Silver badge

    This surprises anyone? Really? Chrysler is on the downslope and has been for years. When they brought Iacocca back the second time, it only slowed the slide for a bit. Now that the bean counters and shareholders are in full control, it'll continue to be milked until there is nothing left. Pay researchers? Why? That costs profit.

    This company should have died several decades ago.

  3. Oengus
    Thumb Down

    Business Model

    value the safety of its customers so cheaply

    I heard somewhere that some companies (and mostly US companies) looked at the cost of fixing safety issues vs the potential payout in lawsuits from victims and their families then made a decision, based purely on the lower cost, as to which way to go... Sounds like the business model for Fiat/Chrysler.

    1. Anonymous Coward
      Anonymous Coward

      Re: Business Model

      But even if they're purely motivated by cash (and at core that's the usual business model, perhaps veneered with some pious hand-wringing) they're still doing it wrong - their last public software problem got them a $105M fine, lots of expensive recall work, and damaged their brand so undoing lots of expensive advertising. In response - a bug bounty that (at maximum) is worth 0.001% of that sum. Increase it fifty-fold, pay it out twenty times, and it's still just 1% of the cost of the last fuck up and good PR to boot. Bloody cheap insurance - only a pig-headed bean counter could think it worth the risk to penny-pinch on it.

      1. Pascal Monett Silver badge

        Re: only a pig-headed bean counter

        Is there any other kind ?

        1. Anonymous Coward
          Anonymous Coward

          Re: only a pig-headed bean counter

          I once worked for an accountant-turned-small-computer-dealer. A sensible, pleasant and pragmatic man with a remarkably common-sense approach to the accounts. It was quite obvious he wasn't destined for greatness (as measured by boardroom rank, anyway...)

      2. Blank Reg Silver badge

        Re: Business Model

        It doesn't even make sense from a bean counters perspective.

        How much time would it take for their engineers to go through the code to find those bugs? I can almost guarantee the cost would be more than $1500. Any serious bug should be worth at least $10k. And as we're talking about vehicles here some bugs could be life threatening, I'd up the bounty on such critical bugs to $50k and still consider that a bargain.

  4. Anonymous Coward
    Anonymous Coward

    Worst cars on the market.

  5. Anonymous Coward
    Anonymous Coward

    What about gear shift recall?

    The faulty gear shift design in jeeps has caused multiple crashes, injuries and at least one death. RIP Anton. Unclear if they have even notified owners or if they have a fix yet. Meanwhile, try to avoid getting killed by triple checking that the vehicle is in park, and firmly setting the parking brake before exiting vehicle.

    'Hackers' are hardly at the top of the list of things to worry about when the vehicle has fundamental design defects. And I agree that the payout for reporting vulnerabilities is so low few if any (white hat) researchers will bother.

    Pathetic

    1. jtaylor Bronze badge

      Re: What about gear shift recall?

      Indeed. I trust that Fiat Chrysler Automobiles knows their problems better than we consumers do — and I'm sure they remember the debacle from their remote-control Jeeps. They certainly spend a lot of money managing product quality. It's easy for us to see that electronic security is important, but they are prioritizing vastly larger and more expensive problems that we didn't hear about yet.

      1. Terje
        Joke

        Re: What about gear shift recall?

        Good sir as a reader of your above comment I noticed the lack of a clearly visible sarcasm warning, this lack nearly caused me to choke on my water causing untold seconds of lost productivity and profit. As a member of the comment reading public I sincerily hope that you do a full recall of the affected comment and install additional sarcasm protection equipment to prevent further injury.

  6. Adam 1

    when I see a low figure like this

    I assume that there must be so many low lying fruits that they will be paying people out at an unaffordable rate. Wouldn't consider one of their cars after this*

    *Disclaimer: wouldn't have considered one before this either, because I know where they and their stablemates sit in the reliability and customer satisfaction surveys.

  7. TheProf Silver badge
    Headmaster

    Bug hunter

    "I think its the first company besides Tesla to do that."

    I think you'll find they are the second company, after Tesla, to do that.

  8. This post has been deleted by its author

  9. Anonymous Coward
    Anonymous Coward

    It only seems cheap...

    ...until you realise that it shows how much of a bug-addled piece of crap they think their own product is.

  10. druck Silver badge
    Coat

    Daewoo

    They could always give away a free Daewoo with every bug found, worth about the same as the cash, but perhaps still not much of an incentive.

    1. MrT

      Re: Daewoo

      It'll start a trend for anonymous submissions, or even submitting in someone else's name... A shiny, hardly used Matiz sitting there whilst a bunch of bug-hunters all point at each other saying "No, really, it was him/her".

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021