Apple Announces Bug Bounty Program
Posted by: Timothy Weaver on 08/05/2016 10:45 AM
Apple closed out the Black Hat convention with an announcement that it will be starting a bug bounty with a top payout of $200,000.
Apple is inviting 12 researchers to participate in the program, but will consider submissions by other researchers.
Ivan Krstic, head of security engineering and architecture, said: “We’ve had great help from researchers like you in improving iOS security all along. As the mechanisms we build get stronger, the feedback I’ve gotten from my team is that it’s getting increasingly difficult to find those vulnerabilities. The Apple bounty program will reward researchers who share critical vulnerabilities with Apple and we will make it a top priority to resolve those and provide public recognition.”
“The difficulty in finding most of the critical vulnerabilities is going up and up as we invest in new security technology and mechanisms,” Krstic said. “The difficulty is such that we want to reward people for their time and creativity they put in to finding bugs in these categories.”
Rich Mogull, analyst and CEO at consultancy Securosis, said: “It won’t motivate the masses or those with ulterior motives, but will reward those interested in putting in the extremely difficult work to discover, then work through the engineering, of some of the really scary exploitable vulnerability classes.”
Source: Threat Post