August 3, 2018 3:30 PM, EDT

GM to Hire Hackers to Find Bugs in Car Computers

GM fights back against hackersGetty Images

Highly computerized cars or trucks could mean consumers’ data is vulnerable or the driver safety might be endangered if car companies aren’t prepared to cut off at the pass any data breach or threat to cybersecurity.

General Motors Co. is taking no chances. It’s bringing in those exact people who might do the infiltration to help thwart it.

In the upcoming weeks, GM will bring researchers, some of whom are professional computer hackers, to Detroit to offer them a bounty or cash payment for each “bug” they uncover in any of GM vehicles’ computer systems.

RoadSigns: A Transport Topics podcast


In our second episode of RoadSigns, we ask: How will the next levels of automation be deployed? Hear a snippet from Chuck Price, vice president of product at TuSimple, above, and get the full program by going to

“We’ll show them the products, programs and systems for which we plan to establish these bug bounties. Then we’ll put them in a comfortable environment, ply them with pizza and Red Bull or whatever they might need … and turn them loose,” GM President Dan Ammann said in a speech at the Billington CyberSecurity Summit at Cobo Center in Detroit on Aug. 3.

After that, GM will send these cybersecurity pros home with hardware to continue their research over many weeks, he said.

The program, called Bug Bounty, will include about 10 researchers GM has hand-picked.

“They are white-hat researchers who we’ve established relationships with through our coordinated disclosure program,” Jeff Massimila, GM’s vice president of global cyberSecurity, told reporters at the summit.

“White hat” is internet slang for an ethical computer hacker or computer security expert who specializes in penetration testing or other testing methods to help protect an organization’s information systems.

GM started its coordinated disclosure program two years ago, Massimila said. He said GM was one of the first automakers to embrace the work of white-hat researchers for its products and programs. The coordinated disclosure program was open to anyone, but GM did not pay those researchers for any contributions. Instead, he said, GM built relationships and identified the 10 it would pay to fix the bugs.

GM presently employs about 450 people working in the cybersecurity area, Massimila said.

The Bug Bounty program will start before the end of the summer, Massimila said. He and Ammann declined to say how much GM will pay the bug hunters or what it has spent on cybersecurity.

But Ammann said, “It is a top priority” for GM that its vehicles are safe from any data breach or threats particularly as it aggressively pursues development and deployment of autonomous vehicles, which it plans to take to market next year.

Ammann said GM has a broad perspective of where threats to information technology could come from.

“The overall threat level and so on is only going to grow from here, which is why we’re putting so much energy and resources into getting ahead and staying ahead,” Ammann told reporters at Cobo.

The work is not just happening inside the company, Ammann said, but GM is “taking advantage of third-party researchers, taking advantage of third-party expertise from multiple different places, working together across the industry to collaborate to make sure we have all the best minds working on this issue.”