Apple launches bug bounty program
LAS VEGAS – Apple announced at the 2016 Black Hat USA security conference Thursday that it is planning to launch a new bug bounty program, which will offer cash to security researchers who find and reveal undisclosed vulnerabilities in the company’s products. Payouts can reach as high as $200,000.
The bug bounty program will begin in September on an invite-only basis and will first focus on the latest version of iOS, Apple’s mobile operating system.
Though the company had previously provided an official channel for reporting flaws in Apple's technology, Thursday's announcement marks the first time Apple has created a publicly visible bug bounty program.
Uber, Twitter, Facebook and even the Department of Defense have all used bug bounty programs in the past to find vulnerabilities and patch the resulting security holes. Such programs are typically structured to limit or control the digital environment where the actual hacking occurs, with the affected systems quarantined from other business operations.
Until Thursday, Apple was one of the last remaining major commercial technology brands never to have experimented with a bug bounty program.
To begin, the newly announced vulnerability disclosure program will focus on just five distinct categories of bugs, including flaws in secure boot firmware components and unauthorized access to iCloud account data on Apple servers.
The prizes for newly disclosed, previously unknown vulnerabilities range from $25,000 to $200,000.