Bug bounties have been a rather common sight these days, with various private tech companies and governmental organizations around the world awarding those who manage to find vulnerabilities in their system with cash. Today, yet another company is annoucing its own bug bounty, and said company is none other than Apple.
Announced at the Black Hat cyber security conference in Las Vegas, Apple announced that it plans to offer rewards of up to USD200,000 to those who manage to find critical security bugs in its products. The rewards for Apple’s bug bounty program is split into five different categories of risk and reward, with exploits that allows someone to gain sandbox access being worth USD25,000, while those who detect vulnerabilities in secure boot firmware components will be awarded up to USD200,000. In a twist to the award system, Apple is encouraging those who manage to identify a bug to donate their earnings to charity. If Apple approves of a researcher’s selected institution, it will match their donation.
For those hoping to participate in Apple’s bug bounty program, do note that Apple isn’t opening this up to the general public. Apple is currently limiting the bug bounty program to researchers who have made valuable vulnerability disclosures to Apple themselves. While this prerequisite may be loosened in the future, Apple’s bug bounty program will currently be invite only.
Source: TechCrunch, VentureBeat