Fiat Chrysler Automobiles

FCA US is the first full-line automaker to offer a paid public bug bounty program, leveraging Bugcrowd to enhance the safety and security of FCA US consumers, their vehicles and connected services with bounty payouts up to $1,500.

FCA US has always made the security of their cars a top priority, standardizing and innovating security features since 1924 and, notably, in 1988 being the first automotive company to make airbags standard. As the attack surface of cars has expanded from just the physical realm to the cyber world, they take a new approach to product security in their commitment to helping keep drivers and passengers safe.

“We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix it before it becomes an issue for our consumers.”

- Titus Melnyk, Senior Manager, Security Architecture, FCA US.

To that end, Fiat Chrysler has turned to Bugcrowd to tap into the collective creativity of our 30,000+ security researchers, as well as those who aren’t yet members of the Bugcrowd community. Bugcrowd is excited to be part of this historic advancement in automotive security, and look forward to supporting the Fiat Chrysler bug bounty program both now and into the future.  

You can read additional details on the partnership in the press release we issued today. 

Fiat Chrysler Bug Bounty Program Details

  • The FCA public bug bounty program is focused on their connected vehicles, including the systems within them; the external services and applications that interact with them.
  • Rewards scope – $150 to $1,500
  • Requires explicit permission to disclose the results of a submission
  • FCA’s program page is available here