Apple is the latest company to join dozens of firms that already offer payments for help uncovering flaws in their products. The U.S. based maker of iPhones and operating system said that payment of up to $200,000 as rewards for researchers who find critical security bugs in its products was being planned by the company.
The plan was unveiled on Thursday afternoon at the Black Hat cyber security conference in Las Vegas. Some of the biggest bounties offered to date is being offered to ethical hackers by the maker of iPhones and iPads.
Two dozen researchers who Apple will invite to help identify hard-to-uncover security bugs in five specific categories would initially only be included in the program announced by Apple. The company said that the group of experts who have previously helped Apple identify bugs formed the source of choosing the researchers. Such researchers had earlier not been paid by the company, Apple said.
Finding out bugs in Apple's "secure boot" firmware for preventing unauthorized programs from launching when an iOS device is powered up is the most lucrative category where researchers would be given rewards of up to $200,000.
At the advice of other companies that have previously launched bounty programs, Apple has decided to limit the scope of the program, it said. According to Apple, such companies with previous experience of offering such bounties were of the opinion that first inviting a small list of researchers to join the program and then gradually open it up over time would be the strategy that they would follow is they were to do it again.
Limiting participation would save Apple from dealing with a deluge of "low-value" bug reports, said security analyst Rich Mogull. "Fully open programs can definitely take a lot of resources to manage," he said.
Apple declined to say which firms provided advice.
AT&T Inc, Facebook Inc, Google, Microsoft Corp, Tesla Motors Inc and Yahoo Inc. are among the top IT companies that regularly hold such programs and offer such rewards.
Microsoft is one U.S. based IT giant that offers rewards for identifying very specific types of bugs. Its two biggest payouts have been for $100,000 each and the company has handed out $1.5 million in rewards to security researchers since it launched its ethical hacking to identify risks program three years ago. However experts are of the view that programs like the ones from Apple and Microsoft are very focused and not all bounty programs are as focused.
For example, Facebook offers rewards for a wide-range of vulnerabilities and dies so through an open program. Last year the company paid away an average payment of $1,780. And the company with the largest social media platform in the world has paid out more than $4 million over the past five years.
In March this year, a 10-year-old boy in Finland who found a way to delete user comments from Instagram accounts and consequently Facebook paid that boy $10,000.
(Source:www.reuters.com)
The plan was unveiled on Thursday afternoon at the Black Hat cyber security conference in Las Vegas. Some of the biggest bounties offered to date is being offered to ethical hackers by the maker of iPhones and iPads.
Two dozen researchers who Apple will invite to help identify hard-to-uncover security bugs in five specific categories would initially only be included in the program announced by Apple. The company said that the group of experts who have previously helped Apple identify bugs formed the source of choosing the researchers. Such researchers had earlier not been paid by the company, Apple said.
Finding out bugs in Apple's "secure boot" firmware for preventing unauthorized programs from launching when an iOS device is powered up is the most lucrative category where researchers would be given rewards of up to $200,000.
At the advice of other companies that have previously launched bounty programs, Apple has decided to limit the scope of the program, it said. According to Apple, such companies with previous experience of offering such bounties were of the opinion that first inviting a small list of researchers to join the program and then gradually open it up over time would be the strategy that they would follow is they were to do it again.
Limiting participation would save Apple from dealing with a deluge of "low-value" bug reports, said security analyst Rich Mogull. "Fully open programs can definitely take a lot of resources to manage," he said.
Apple declined to say which firms provided advice.
AT&T Inc, Facebook Inc, Google, Microsoft Corp, Tesla Motors Inc and Yahoo Inc. are among the top IT companies that regularly hold such programs and offer such rewards.
Microsoft is one U.S. based IT giant that offers rewards for identifying very specific types of bugs. Its two biggest payouts have been for $100,000 each and the company has handed out $1.5 million in rewards to security researchers since it launched its ethical hacking to identify risks program three years ago. However experts are of the view that programs like the ones from Apple and Microsoft are very focused and not all bounty programs are as focused.
For example, Facebook offers rewards for a wide-range of vulnerabilities and dies so through an open program. Last year the company paid away an average payment of $1,780. And the company with the largest social media platform in the world has paid out more than $4 million over the past five years.
In March this year, a 10-year-old boy in Finland who found a way to delete user comments from Instagram accounts and consequently Facebook paid that boy $10,000.
(Source:www.reuters.com)