Fiat Chrysler Starts “Bug Bounty” Program to Thwart Hackers, But There’s a Big Catch
One year after researchers demonstrated they could remotely take control of a Jeep Cherokee by exploiting a cybersecurity weakness, Fiat Chrysler Automobiles is ramping up its efforts to thwart car-hacking threats.
The automaker said this week it has established a bug-bounty program, through which independent researchers can report security flaws and receive payments ranging from $150 to $1500, depending on the severity of the problem discovered.
“We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers,” said Titus Melnyk, senior manager of security architecture for FCA.
But the payments come with a big catch. Researchers who accept the compensation must sign nondisclosure agreements that prohibit them from disclosing findings to anyone outside the company. Retaining the right to disclose vulnerabilities has been a contentious point in often-prickly relationships between car companies and independent cybersecurity researchers. Should the latter agree to sign that away, it would be a major shift in how flaws are handled and could potentially leave car owners in the dark on cyber threats in their cars.
“It all depends on what you want more. From our perspective, we wanted to change an industry and raise public awareness.” - Chris Valasek
In the past, many vehicle researchers have been frustrated that their discoveries were ignored...
