Apple’s bug bounty programme favours quality over quantity

Lucian Constantin | Aug. 5, 2016
The company will pay between US$25,000 and US$200,000 for exploits.

Apple hasn't always had the best relationship with the security community. While many researchers acknowledge the solid security of Apple products, the company has often been criticized for the way it communicates about security issues, or for not communicating enough. Apple is also one of the last big companies to launch a security rewards program.

Vulnerabilities that can completely compromise iOS command some of the highest prices on the gray market. When iOS 9 came out, one exploit broker who counts government agencies among its customers offered $1 million for a browser-based jailbreak -- an exploit that can gain root access to iOS simply by visiting a website. The FBI has also bought an iOS exploit from hackers in order to access the data on the locked iPhone of Syed Farook, one of the San Bernardino shooters.

Asked by the audience at Black Hat why Apple waited so long to launch a bounty program, Krstić said the company has heard from researchers that finding critical vulnerabilities is increasingly difficult, and it wanted to reward those who take the time to do it.

Source: Computerworld U.S.

 
