“Over the past five years, most major tech companies have instituted bug bounty programs, welcoming vulnerability reports from hackers and reimbursing for reports in cash,” Kate Conger reports for TechCrunch. “But for years, Apple remained a holdout. While security has been a crucial part of its corporate narrative, Apple has quietly refused to pay for bug reports, at times frustrating security researchers who found it difficult to report flaws to the company. That changed [Thursday], as Apple’s head of security engineering and architecture, Ivan Krstic, announced to Black Hat attendees that Apple will begin offering cash bounties of up to $200,000 to researchers who discover vulnerabilities in its products.”
“‘Apple historically had a rough relationship with researchers,’ said Rich Mogull, CEO of Securosis and a security analyst who keeps tabs on iOS security. ‘Over the last 10 years, that has changed a lot and become more positive.’ The bug bounty program, he says, is another step in the right direction,” Conger reports. “While $200,000 is certainly a sizable reward — one of the highest offered in corporate bug bounty programs — it won’t beat the payouts researchers can earn from law enforcement or the black market.”
“A bug bounty program is unlikely to tempt any hackers who are only interested in getting a massive payout. For those who only care about cash, Mogull said Apple could probably never pay enough. But for those who care about making an impact, getting a check from Apple could make all the difference,” Conger reports. “‘This is about incentivizing the good work,’ Mogull explained… In an unusual twist, Apple plans to encourage researchers to donate their earnings to charity. If Apple approves of a researcher’s selected institution, it will match their donation — so a $200,000 reward could turn into a $400,000 donation.”
Much more in the full article here.
MacDailyNews Take: Again, this is excellent news! Thanks to this new program, Apple product users will enjoy even more security and privacy protections.