Apple announces $200,000 bug bounty program

in #apple, 8 years ago


Unlike many of the other major tech companies, Apple has never had a formal bug bounty program or corporate policy for welcoming outsiders who poke holes in their security features. However, as TechCrunch reports today, Apple's head of Security Engineering and Architecture Ivan Krstic announced at Black Hat that his company will now offer cash bounties of up to $200,000 for hackers and researchers who find and report security flaws in Apple products.


 

The announcement came during Krstic's larger talk about the security features built into some of Apple's newest services. The company usually sits out the popular security conference in favor of keeping big announcements limited to WWDC. The company now says it has reached the point where its own internal testers and even contract security firms are having difficulty finding more bugs.

According to Securosis CEO and iOS security analyst Rich Mogull, the bounty is "the largest potential payout I'm aware of," but also fairly limited in scope: the guidelines focus on a very specific set of vulnerabilities and Apple is currently working with a select list of researchers. (The company says, however, that if someone outside the initial group finds a bug, they can easily be included in the program.) The highest-level bounty covers bugs found in secure boot firmware components, but there are also smaller bounties for gaining unauthorized access to things like iCloud account data -- a major talking point after the infamous celebrity photo hack.

While $200,000 might be high for an official corporate bounty program, it's still only a fraction of a payout like the $1 million the FBI reportedly paid hackers to break into an iPhone owned by one of the shooters involved in the San Bernardino incident last year. And such high bounties can also be detrimental to security research in general. On the other hand, Twitter is a more secure place thanks to some $322,420 in bounties it has handed out over the past two years, and a bug bounty from Instagram made one 10-year-old Finnish kid $10,000 richer.



Via: TechCrunch
Source: Securosis


ps. cheetah definition: a nerd bot made by some 3rd party government agency or people who believe in conspiracy theories etc. in fact you believe that with withhold the power of speech and free internet information you can pimp a profit, which you did not actually ... well done keep calm and hate close source aristocracy minds ... ohm and don’t forget to also vote your comment with your second profiles you going to earn more harass power to trade after
