Jump to content

Apple announces $200,000 bug bounty program


Spartan

Recommended Posts

Unlike many of the other major tech companies, Apple has never had a formal bug bounty program or corporate policy for welcoming outsiders who poke holes in their security features. However, as TechCrunch reports today, Apple's head of Security Engineering and Architecture Ivan Krstic announced at Black Hat that his company will now offer cash bounties of up to $200,000 for hackers and researchers who find and report security flaws in Apple products.

The announcement came during Krstic's larger talk about the security features built into some of Apple's newest services. The company usually sits out the popular security conference in favor of keeping big announcements limited to WWDC. The company now says they've reached the point where its own internal testers and even contract security firms are having difficulty finding more bugs.

According to Securosis CEO and iOS security analyst Rich Mogull, the bounty is "the largest potential payout I'm aware of," but also fairly limited in scope: the guidelines focus on a very specific set of vulnerabilities and Apple is currently working with a select list of researchers. (Although, the company says if someone outside the initial group finds a bug, they can easily be included in the program.) The highest level bounty covers bugs found in secure boot firmware components, but there are also smaller bounties for gaining unauthorized access to things like iCloud account data -- a major talking point after the infamous celebrity photo hack.

While $200,000 might be high for an official corporate bounty program, it's still only a fraction of a payout like the $1 million the FBI reportedly paid hackers to break into an iPhone owned by one of the shooters involved in the San Bernardino incident last year. And such high bounties can also be detrimental to security research in general. On the other hand, Twitter is a more secure place thanks to some $322,420 in bounties it has handed out over the past two years, and a bug bounty from Instagram made one 10-year-old Finnish kid $10,000 richer.

Link to comment
Share on other sites

14 minutes ago, yomama said:

I get your sense of humor but am not arrogant, if that's what you are referring to.

Comedy chesa bro serious tesukoku ?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...