Apple offers cash rewards for bug catchers
The computer kind, not the creepy crawly kind
While its rivals have invited hackers to find bugs in their software in return for cash, Apple has long held out. The argument went that it can’t offer the same level of reward as the black market or government, and has an in-house security team anyway, so why bother?
That thinking looks to have shifted. Ivan Krstic, Apple’s head of security engineering, announced the change at the annual Black Hat conference for the IT security industry. The ‘bug bounty’ program will launch in September with five tiers of reward, ranging from $25,000 to $200,000 for vulnerabilities in secure boot process components.
At present, the program is invitation-only. To be eligible for a reward, researchers must submit a proof of concept using the most recent iOS and Apple hardware. Apple will encourage people to donate their prize to charity, pledging to match any donation that goes to a charitable cause.
Alex Rice, co-founder of bug bounty program HackerOne, says Apple will benefit from its own program: “There isn’t a company yet who has launched a bug bounty program and has not identified new vulnerabilities that they didn’t know about yet”.