Apple offers cash rewards for bug catchers

The computer kind, not the creepy crawly kind

Mac Format - APPLE CORE

While its rivals have invited hackers to find bugs in their software in return for cash, Apple has long held out. The argument went that it can’t offer the same level of reward as the black market or government, and has an in-house security team anyway, so why bother?

That thinking looks to have shifted. Ivan Krstic, Apple’s head of security engineering, announced the change at the annual Black Hat conference for the IT security industry. The ‘bug bounty’ program will launch in September with five tiers of reward, ranging from $25,000 to $200,000 for vulnerabilities in secure boot process components.

At present, the program is invitation-only. To be eligible for a reward, researchers must submit a proof of concept using the most recent iOS and Apple hardware. Apple will encourage people to donate their prize to charity, pledging to match any donation that goes to a charitable cause.

Alex Rice, co-founder of bug bounty program HackerOne, says Apple will benefit from its own program: “There isn’t a company yet who has launched a bug bounty program and has not identified new vulnerabilities that they didn’t know about yet”.

In an effort to make Mac and iOS software as watertight as possible, Apple's finally welcoming the bug hunters.
