Apple fulgte Google og andre bemærkelsesværdige software giganter i at skabe deres egen Bug Bounty-program. Apple Bug Bounty program giver sikkerhedseksperter en måde at tjene penge ved at indsende oplysninger om sårbarheder til Apple.
Why Is Apple Joining the Bug Bounty Initiative?
There are two main reasons why people would want to participate in this scheme:
1. The security experts will be able to make some good money – Apple are generous enough to offer the researchers up to $200 000 for the most critical bugs. The amount will depend on the severity of the vulnerability and the researchers can expect that they will receive it on time.
2. Apple will be able to prevent bad reputation – Let’s face it, Apple have a pretty huge ecosystem of software and services that provide a very complex platform. As every other tech giants there have been a lot of critical incidents that resulted in information leakage and unauthorized access. Apple bug bounty program program will be able reduce the chances of something really bad from going public and it will have a positive effect on the security assurance.
The program will be invite-only at the beginning, as expected only a few team members will be present from the early start. The team will eventually grow and Apple are going to open the doors to other people in the near future. Тhe names of the first researchers are not known but various sources speculate that they have been former Apple employees.
The researchers will have to provide full and detailed information of the found exploits and submit a proof-of-concept demonstration on production systems and devices in order to qualify for any bounty prizes.
Apple Bug Bounty Program: Why Now?
Various sources speculate on the timing of this program. Other tech giants like Google and Microsoft have such programs in place. According to one specialist, Apple has been experiencing hardships lately and their security team has been unable to cope with the recent famous exploits in iOS. New security threats continue to emerge every single day it is becoming more difficult for vendors such as Apple to cope with the increasingly more complex vulnerabilities.
Some media sources suggest that the program has been set in place in order to counter reports that the FBI has security experts in finding exploits. These reports indicate that the government is actively seeking a way in order to gain access to user data on Apple’s devices.
Whatever the reason, cyber security researchers hope that this move will be helpful in preventing critical zero-day exploits from surfacing. In the last few years several famous incidents have taken place where information leakage has led to scandals or criminals have found ways into accessing restricted data on iOS and Mac OS X devices and systems.
Apple will accept bug reports from independent teams and researchers as well and provide rewards to them as well.
Technology experts remind us that as the new features continue to be developed so are the security threats going to grow. Every single iPhone feature that may appear in the next iteration of the device can provide a way for criminals to gain unauthorized access to user data og information. As we are getting more and more connected the world is getting more and more insecure.
Apple bug bounty program may be long overdue but experts hope that it would make a difference.