The Stuttgart-based brand has officially launched the third round of its Bug Bounty program to identify and fix vulnerabilities in its digital services. Announced on August 13, 2025, this cycle builds upon a 2023 pilot and a condensed edition in 2024. The objective is clear: to mobilize ethical hackers to find vulnerabilities before they are found by others.
Why is this strategic for the luxury automotive industry?
In the world of connected cars, trust is an integral part of the product. A Bug Bounty program protects the customer experience and personal data across the entire digital ecosystem: apps, payments, charging, customer portal, and cloud-based vehicle interfaces. This controlled transparency confirms that while any system can contain vulnerabilities, these are not left to chance.
How the HackerOne program works

The framework is published on HackerOne with a defined scope, a safe harbor policy, and a reward system indexed to severity. Researchers test authorized assets, submit a reproducible report, and then the security team qualifies and rewards valid findings. The entire process is conducted via encrypted communication, with debugging and retesting deadlines.
What will change in 2025
Porsche is industrializing its approach: faster review of reports, expansion of the research community, and increased processing and evaluation capabilities. The goal is to shorten the time between discovery, validation, and corrective action—a key factor in the constantly evolving world of OTA and mobile services.
The context: threats on the move
The rapid digitalization of vehicles and related services is multiplying the attack surfaces. Bug bounty programs complement penetration testing and internal audits, revealing unexpected scenarios from the field, particularly at the vehicle-cloud interface. For premium customers, continuity of use and confidentiality are becoming crucial criteria.
What Porsche gains… and the customer too
- Early detection: reducing the risk of actual exploitation.
- Diversity of approaches: hundreds of profiles and methodologies.
- Continuous improvement: each report feeds into future controls.
- Trust signal: security addressed at the product level, not just in communication.
Express timeline
- October 2023: pilot launch of the Bug Bounty to structure collaboration with external researchers.
- November 2024: a four-week edition to accelerate the program's maturity.
- August 2025: relaunch of the program, with a strengthened review process and an opening to more talent.
Key points to remember
The Bug Bounty confirms that, in the luxury automotive sector, security is a service in its own right. By opening itself up to the security community through HackerOne, Porsche gains a brand advantage: discreet, measurable, and decisive for users of connected cars.
Sources: Porsche Newsroom (2023–2025), HackerOne page, and official documents. Links to the policy, safe harbor, and 2025 announcement are included above.