Apple has announced a new bug bounty program at the information security conference Black Hat, under which security researchers can receive as much as $200,000 (approx. Rs. 1,33,65,000). For those unfamiliar with the concept, bug bounty programs such as this one offer security researchers money in exchange for previously undiscovered vulnerabilities in a company's products. The amount of cash offered varies depending on the severity of the flaw. The maximum payout is for vulnerabilities in secure boot firmware components; the company is also offering money for other flaws, though not as much.
In his keynote address, Ivan Krstic, the head of Apple Security and Architecture, said, “With over a billion active devices and in-depth security protections spanning every layer from silicon to software, Apple works to advance the state of the art in mobile security with every release of iOS.”
This is also the first time that Apple has offered such a program; the company usually relies on its own security teams to fix flaws. Further, this comes after Apple’s battle with the FBI earlier this year, in which the agency asked the company to give it access to a phone belonging to one of the accused in the San Bernardino shooting. Apple refused to do so, saying that such a move would diminish the data security offered by iPhones. The FBI later went on to unlock the device with the help of a third party. Apple must be hoping that the bounty program will ensure that security researchers who discover flaws will report them to the company instead of to third-party security companies.