Bug bounty or bug hunting programs are nothing new. For the past five years or so, almost all leading tech companies have incorporated bug bounty programs. Welcoming weakness and vulnerability reports from hackers and paying hefty cash rewards for their efforts. Companies that don’t have the technical skillfulness to run their own bounty programs have outsourced this to cyber security firms.
Apple To Launch Bug Bounty Program
One of the most significant tech giants of this era i.e Apple held out. Even though security has been a crucial part of its corporate mission. But still, Apple has been reluctant in this matter up till now. Quietly refusing to pay for bug reports and infuriating security researchers., Researchers who found it challenging to report defects to the Cupertino-based company.
That all changed this Thursday. Apple’s head of security engineering and architecture, Ivan Krstic, announced to Black Hat attendees that Apple will begin offering cash bounties of up to $200,000 to researchers who discover vulnerabilities in its products.
“We are pleased to announce an Apple security bounty program,” Krstic said during a talk at the Black Hat cybersecurity conference in Las Vegas.
In retrospect, these programs have long been a cyber-security essential for software developers, internet companies and overall tech related corporations including Microsoft, Yahoo, Chrysler and United Airlines. Last month, Google revealed that in the last year it had paid $550,000 overall to people who had revealed vulnerabilities in its Android software. In February, Facebook claimed that since 2011, its bug bounty program has handed out $4.3 million to almost 800 researchers worldwide.
The program starts in September. It will feature following five categories of risk and reward:
Vulnerabilities in secure boot firmware components: Up to $200,000
Vulnerabilities that allow extraction of confidential material from Secure Enclave: Up to $100,000
Executions of arbitrary or malicious code with kernel privileges: Up to $50,000
Access to iCloud account data on Apple servers: Up to $50,000
Access from a sandboxed process to user data outside the sandbox: Up to $25,000
Even though Apple is late to the party, it still could be a productive experience for the company.