Unlike many of the other major tech companies, Apple has never had a formal bug bounty program or corporate policy for welcoming outsiders who poke holes in their security features. However, as TechCrunch reports today, Apple's head of Security Engineering and Architecture Ivan Krstic announced at Black Hat that his company will now offer cash bounties of up to $200,000 for hackers and researchers who find and report security flaws in Apple products.
The announcement came during Krstic's larger talk about the security features built into some of Apple's newest services. The company usually sits out the popular security conference in favor of keeping big announcements limited to WWDC. The company now says they've reached the point where its own internal testers and even contract security firms are having difficulty finding more bugs.According to Securosis CEO and iOS security analyst Rich Mogull, the bounty is "the largest potential payout I'm aware of," but also fairly limited in scope: the guidelines focus on a very specific set of vulnerabilities and Apple is currently working with a select list of researchers. (Although, the company says if someone outside the initial group finds a bug, they can easily be included in the program.) The highest level bounty covers bugs found in secure boot firmware components, but there are also smaller bounties for gaining unauthorized access to things like iCloud account data -- a major talking point after the infamous celebrity photo hack.While $200,000 might be high for an official corporate bounty program, it's still only a fraction of a payout like the $1 million the FBI reportedly paid hackers to break into an iPhone owned by one of the shooters involved in the San Bernardino incident last year. And such high bounties can also be detrimental to security research in general. On the other hand, Twitter is a more secure place thanks to some $322,420 in bounties it has handed out over the past two years, and a bug bounty from Instagram made one 10-year-old Finnish kid $10,000 richer.
Via: TechCrunch
Source: Securosis
ps. cheetah definition: a nerd bot made by some 3rd party government agency or people who believe in conspiracy theories etc. in fact you believe that with withhold the power of speech and free internet information you can pimp a profit, which you did not actually ... well done keep calm and hate close source aristocracy minds ... ohm and don’t forget to also vote your comment with your second profiles you going to earn more harass power to trade after
Hi! I am a content-detection robot. This post is to help manual curators; I have NOT flagged you.
Here is similar content:
https://www.engadget.com/2016/08/04/apple-announces-200-000-bug-bounty-program/
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit