Apple isn’t paying bug hunters nearly enough for iPhone exploits

Last year, Apple launched an invite-only bug bounty program offering security researchers and hackers up to $200,000 for disclosing bugs in iOS. However, the program seems to have failed to take off, as researchers and hackers are reluctant to report bugs to Apple because the bugs are too valuable.

“For now, security researchers who have been invited by Apple to submit high-value bugs through the program prefer to keep the bugs for themselves,” reads the article. All of the eight bug hunters that the publication interviewed said they have yet to report a bug to Apple.

According to Nikias Bassen, a security researcher for the company Zimperium who joined Apple’s program last year:

“People can get more cash if they sell their bugs to others. If you’re just doing it for the money, you’re not going to give bugs to Apple directly.”

The program offers between $25,000 and $200,000 for an iOS or macOS exploit, depending on where it is and what it does. For now, the initiative is invite-only.

As The Loop’s Dave Mark put it, the question here is, are the bugs valuable enough for Apple to raise their bounties to compete with the grey market?

