Apple Announces Bug Bounty Program: The Company Will Pay Up To $200,000 For Vulnerabilities

Previously, Apple did not pay security researchers who reported security problems, vulnerabilities, and bugs in its software. That changed when the head of Apple security announced the company's bug bounty program.

The head of Apple security, Ivan Krstic, announced that the company will pay up to $200,000 to researchers who are able to find and report vulnerabilities in Apple software. The Apple security bounty program was announced during the Black Hat cybersecurity conference in Las Vegas, Nevada, CNET reported.

However, the bug bounty program is not open to all. The program, which will initially launch in September, will only include a group of cybersecurity researchers that the company has previously worked with. But if somebody outside the group makes a report, the company would consider paying him or her. As Krstic said, it is not meant to be an exclusive club.

The bounties would include a $25,000 reward for loopholes that let hackers into Apple's digital compartments or customers' data. Apple will pay $50,000 for bugs that make holes into iCloud data and a whopping $200,000 to those who can prove vulnerabilities that are critical to Apple's firmware, The New York Times reported.

Bug bounties have long been utilized by big software makers such as Yahoo, Microsoft, Chrysler, and even United Airlines. Last month, Google claimed it had paid a total of $550,000 to people who found vulnerabilities in the Android software. Facebook, on the other hand, said that its bug bounty program has given away over $4.3 million to more than 800 cybersecurity researchers around the world.

Apple has been known to be less of a target for hackers for two reasons: first, because it has a small market share, and second, because Apple products tend to be more secure.

The US Department of Justice paid an unknown hacker to unlock the iPhone left by one of the shooters in the San Bernardino terrorist attack after the company hesitated to crack the encryption.

This scenario could have been avoided if only Apple had been paying bug bounties for critical vulnerabilities, said Securosis CEO Rich Mogull. He also pointed out that Apple cannot out-pay the government, which can pay $1 million.

© 2024 University Herald, All rights reserved. Do not reproduce without permission.