
Apple will offer researchers rewards of up to $200,000 to help find vulnerabilities

  

Apple said at the Black Hat Network Security Conference held in Las Vegas on Thursday that it plans to offer researchers rewards of up to $200,000 for helping the company find security vulnerabilities in its products. Dozens of technology companies had already introduced similar incentives to help find vulnerabilities in their products.

Apple said that its incentive program will initially be open to about 20 invited researchers, who will help Apple find hard-to-find security vulnerabilities in five areas. Apple said that these researchers were selected by the expert group that helped Apple find vulnerabilities, but they will not be paid for their work.

Apple said that researchers who find vulnerabilities in the "safe start" firewall, which is used to prevent unauthorized programs when iOS devices are charging, will get a reward of up to $200,000.

Apple said that it would draw on the suggestions of other companies and limit the set of researchers invited to find security vulnerabilities. These companies said that if they could start such a project again, they would invite only some researchers to participate in the initial stage and gradually open the project over time. Security analyst Rich Mogull said that limiting the scope of participants could prevent Apple from having to deal with a large number of "low value" vulnerability reports. "Fully opening up this project will lead Apple to invest a lot of resources," he said. Apple did not disclose which companies' advice it had used for reference.

Technology companies including Microsoft, Google, Facebook, Tesla, Yahoo and others have launched similar incentive programs. Since introducing its program three years ago, Microsoft has paid out a cumulative $1.5 million to security researchers. The largest single bonus paid by the company is $100,000.

Not every company restricts its incentive program to selected researchers, as Microsoft and Apple do. Facebook, for example, runs an open program. The company has paid more than $4 million in bonuses to researchers over the past five years, with an average of $1,780 last year. In March this year, Facebook paid a $10,000 bonus to a 10-year-old child in Finland, who found that the comment area of Instagram could not withstand attacks from malicious code.