Apple Inc. will reward researchers and hackers who report vulnerabilities in its software products, the company said on Thursday in Las Vegas.
With its all-new “security bounty,” the company joins a growing list of tech firms that pay cash rewards for valuable security information. Microsoft Corp., Google parent Alphabet Inc. and Facebook Inc. have paid out money through bug bounty programs over the last few cycles.
“It’s getting increasingly difficult to find some of those most critical types of security vulnerabilities,” said Ivan Krstic, Apple’s head of security engineering and architecture, speaking at the Black Hat security conference in Las Vegas.
“The Apple security-bounty program is going to reward researchers who actually share critical vulnerabilities with Apple.”
The company said it would reward up to $200,000 for the most stubborn bugs.
“We believe that these payment amounts are commensurate with the level of difficulty in attacking some of these systems,” Mr. Krstic said.
Such bugs can be used to give researchers the keys to a device. The Federal Bureau of Investigation paid for a tool, worth more than $1 million, to circumvent the security measures on the iPhone 5S used by San Bernardino shooter Syed Rizwan Farook.
Apple has set out five categories of vulnerabilities that carry rewards:
- Bugs in secure boot firmware components: Up to $200,000
- Bugs that allow extraction of confidential material from the Secure Enclave: Up to $100,000
- Execution of arbitrary or malicious code with kernel privileges: Up to $50,000
- Unauthorized access to iCloud account data on Apple servers: Up to $50,000
- Access from a sandboxed process to user data outside the sandbox: Up to $25,000
The program launches next month, in September, when the reward scheme takes effect.