Apple finally implements bug bounty program, invite only

Apple / Security / Tech
bug bounty

Apple says the bug bounty payouts will range from $25,000 to $200,000.

Apple announced Thursday that it would start its own bug bounty program for developers to find bugs and security flaws in its products. This is something other tech companies like Google and Microsoft have been doing for some time now with great success. Apple has traditionally kept its problems internal and didn’t much acknowledge any other input on bug and security matters. While this is a new start and venture for the company, the bug bounty program is going to have the Apple twist to it, invitation only.

But for those developers and security researchers who do get invited to tear Apple’s devices apart a nice payday awaits. Monies will be paid out on a severity scale which Apple dictates. The less severe a bug or flaw seems to Apple, the less money you’ll get for reporting it. But if you’re lucky enough to find a major bug or flaw you could walk away with a hefty sum of cash. Apple says the bug bounty payouts will range from $25,000 to $200,000.

The presentation also included a level of technical detail and disclosure of security—here, related to AutoUnlock, HomeKit, and iCloud Keychain—that has been mostly absent in the past at conferences, according to those present.

The fees offered aren’t enough to deter those merely in it for the cash, as major flaws can command cash from malicious and legitimate parties alike that far exceeds Apple’s top rates. But it could help convince researchers to disclose problems to Apple and remain mute until the bugs are patched. In some instances in the last few years, those who had discovered exploits went public after they decided sufficient time had passed without Apple providing updates.

Apple has traditionally liked to keep everything within their walled garden so the bug bounty is a step out of that. Although with it being invite only, it seems they’re building a wall around the bounty program as well. What do you think of Apple’s bug bounty program? Do you think this will improve Apple security? Let us know your thoughts and comments below or on Twitter, Facebook and Google+.

  Source: MacWorld
To Top