Tech

Apple launches bug bounty program

Apple announced to a crowded auditorium at the Las Vegas-based Black Hat security conference that it is planning to launch a new bug bounty program, which will offer cash to security researchers who find and reveal undisclosed vulnerabilities in Apple's software and hardware products to the company.

By Chris Bing

August 4, 2016

(pixabay)

LAS VEGAS – Apple announced at the 2016 Black Hat USA security conference Thursday that it is planning to launch a new bug bounty program, which will offer cash to security researchers who find and reveal undisclosed vulnerabilities in the company’s products. Payouts can reach as high as $200,000.

The bug bounty program will begin in September on an invite-only basis and will first focus on the latest version of iOS, Apple’s mobile operating system.

Though the company had previously provided an official channel to share flaws in Apple’s technology, Thursday’s announcement represents the first time Apple has created a publicly visible bug bounty program.

Uber, Twitter, Facebook and even the Department of Defense have all leveraged bug bounty programs in the past to find vulnerabilities and thereby patch security holes. Such bounty programs are typically structured to limit or control the digital environment where the actually hacking occurs — with certain, affected systems quarantined from other business operations.

Until Thursday, Apple was one of the last, remaining major commercial technology brands to have never experimented with a bug bounty program.

To begin, the newly announced vulnerability disclosure project will be focus on just five distinct categories of bugs, including secure boot firmware components and unauthorized access to iCloud account data on Apple servers.

The prizes for disclosed, never before discovered vulnerabilities range from $25,000 to $200,000.

Apple launches bug bounty program

More Like This

VA needs bigger budget to draw better cyber talent, CIO says

Congress should designate an entity to oversee data security, GAO says

Federal CIO focused on cyber, smooth transition in months ahead

Top Stories

National Archives CIO Sheena Burrell takes chief innovation role at FDIC

IRS’s AI voicebots and chatbots have room to grow, advisory panel says

State Department reveals new interagency task force on detecting AI-generated content

House bill to modernize government data, extend CDO Council moves out of committee

Anthropic eyes FedRAMP accreditation in quest to sell more AI to government

Anthropic model subject of first joint evaluation by US, UK AI Safety Institutes

Senators urge DHS to evaluate budding facial recognition ‘regime’ at airports

More Scoops

Bug bounties, constituent casework automation among ideas touted at Congressional Hackathon

Ongoing bug-bounty pilot pinpoints many vulnerabilities in DOD’s cyberspace

DOD expands vulnerability disclosure program to contracting base in pilot

HHS launches $80M public health IT workforce program promoting equity

Hack the Army event yields 102 critical security gaps

Army launches ‘Hack the Army 3.0’ with more targets for cybersecurity researchers

What one bug bounty platform’s FedRAMP authorization means for the industry

Latest Podcasts

VA’s CIO calls for a bigger budget to draw better cyber talent; State Department reveals new interagency task force on detecting AI-generated content

The Pentagon reviews findings on major UAP reports in Senate hearing; a bipartisan House bill to modernize government data would extend the life of the CDO Council

A final interview with GSA’s Ann Lewis

The Federal CIO is focused on cyber, a smooth transition in months ahead; New tech announcements made on Defense Secretary Lloyd Austin’s trip to the Indo-Pacific

Tech

Defense

Cyber

FedScoop TV