Free cash: Apple enters bug bounty sweepstakes

by Derek Kortepeter
Sept. 1, 2017 0 comments TechGenix vulnerabilities

It is not uncommon for technology companies to enlist the help of outside sources for security. One way this occurs is through a bug bounty program, where a company offers (usually financial) rewards to individuals who discover security vulnerabilities or other flaws within their products. But the biggest technology company of them all has been absent from the bug bounty sweepstakes. That changed when Apple unveiled its bug bounty program at the Black Hat conference. Apple’s program differs from most others in that it involves invite-only participation and offers up to $200,000 in rewards. So far only 12 unnamed security researchers have been invited to join the program, but the number is expected to grow. Over time, the bug bounty program will invite more researchers in increasing amounts. As Ivan Krstic, head of security engineering and architecture at Apple, stated in the Black Hat reveal speech, “The difficulty in finding most of the critical vulnerabilities is going up and up…...