When the bug bounty program rolls out next month, only an invited list of around two dozen security researchers will be eligible. Going forward, though, Apple will slowly open up the program to more people. Find exploitable bugs in key areas they consider a priority. It is reported that the highest paid category likely to be the secure book firmware components.
Advertisement
The bug bounty program’s first phase consists of five categories involving major exploits, such as data extraction of arbitrary code or the Secure Enclave – valued at $50,000 and $100,000 each.
If researchers can gain access to iCloud account data on Apple servers, they will be rewarded with $50,000.
“We go to tremendous lengths when it comes to engineering these security systems that provide trust in how we protect user data”. The tech company said that if the hackers choose to donate to a charity, they may match that donation. This invite only strategy is unusual for such programs but such caution by Apple is not unexpected, although the company plans on having a wider participation pool in the future. But Apple made clear that any researcher can be involved.
Apple is turning a new leaf as far as security it concerned.
But Apple tells me that this isn’t an attempt to be exclusive. According to a Reuters report the chosen security researchers “have previously helped Apple identify bugs, but have not been compensated for that work”.
While security has become an integral part of the corporate narrative, Apple chose to stay on the sidelines for years.
Most tech giant companies such as AT&T Inc., Google, Facebook Inc., Microsoft Corporation, Yahoo Inc., and TESLA Motors are utilizing the Bug-Bounty program.
So what took so long?
During this year’s Black Hat security conference, several other companies announced bug bounty programs.
Advertisement
It probably doesn’t hurt that the focus on Apple’s security is now more pointed than ever before. “The feedback that we’ve heard pretty consistently both from my red team and Apple and also directly is that it’s getting more hard to find some of the most critical types of security vulnerabilities”.
