The Apple Bug Bounty program is the iPhone maker's project to reward security experts who find internal flaws and other system issues in its newly released products and other services.
"Apple offers public recognition for those who submit valid reports, and will match donations of the bounty payment to qualifying charities," said the tech giant via its official blog post.
The Cupertino tech giant offers thousands or even millions of dollars depending on the issue that you discover. To give you a better idea, here are the categories that cybersecurity researchers can participate in:
- Device attack via physical access ($100,000-$250,000)
- Device attack via user-installed app ($100,000-$250,000)
- Network attack with user interaction ($150,000-$250,000)
- Network attack without user interaction ($250,000-$1,000,000)
Based on these numbers, the rewards offered by the Apple Bug Bounty program are quite substantial. However, some security experts complain about certain issues.
Apple Bug Bounty Program Disappoints Security Experts
Luta Security CEO Katie Moussouris, who helped start the Defense Department's bug bounty program, said that Apple has a massive backlog of system issues it needs to fix.
"What do you expect is going to happen if they report a bug that you already knew about but haven't fixed? Or if they report something that takes you 500 days to fix it?" said Moussouris via Apple Insider.
This is not the only issue that Moussouris and other security experts complain about. They are also frustrated by delayed payments, poor internal communication, and the so-called insular culture of the program, which drastically affects the company's device security efficiency.
Aside from the Bug Bounty program issue, Apple also faces a U.S. Labor Board investigation into alleged unfair labor practices. Apple employees also recently shared their negative workplace experiences.
Incorrect Payments are Being Sent?
Cedric Owens, a security researcher who discovered a flaw that could allow hackers to bypass the MacBook's security system, also shared his experience in the Apple Bug Bounty program.
He said that he was supposed to receive around $100,000 from the company, but he was only paid $5,000. Owens complained that this is unfair since the issue he detected could lead to a sensitive data breach, which falls under the categories "Device attack via physical access" and "Device attack via user-installed app."
This article is owned by TechTimes
Written by: Griffin Davis