Monday, November 18

Apple Started Bounty Bug Program For Developers

Apple Inc said it plans to offer rewards of up to $200,000 (£152,433) to researchers who find critical security bugs in its products, joining dozens of firms that already offer payments for help uncovering flaws in their products.

Such rewards are already offered by dozens of firms, including Facebook Inc, Google, Microsoft Corp, Tesla Motors Inc and Yahoo Inc.

The program will initially be limited to about two dozen researchers who Apple will invite to help identify hard-to-uncover security bugs in five specific categories. Those researchers have been chosen from the group of experts who have previously helped Apple identify bugs, but have not been compensated for that work, the company said.

The most lucrative category, which offers rewards of up to $200,000, is for bugs in Apple’s “secure boot” firmware for preventing unauthorized programs from launching when an iOS device is powered up.

Microsoft, which has handed out $1.5 million in rewards to security researchers since it launched its program three years ago, also offers rewards for identifying very specific types of bugs. Its two biggest payouts have been for $100,000 each.

Not all bounty programs are as focused as the ones from Apple and Microsoft.

Facebook, for example, has an open program that offers rewards for a wide-range of vulnerabilities. It has paid out more than $4 million over the past five years, with last year’s average payment at $1,780.

In March, Facebook paid $10,000 to a 10-year-old boy in Finland who found a way to delete user comments from Instagram accounts.