Aug 18 · Last update 4 mo. ago.

Is Apple’s bug bounty system enough to stop vulnerabilities being sold elsewhere?

Apple’s Security Bounty system rewards any researcher or company that brings to the company’s attention vulnerabilities or exploitation techniques that could pose a security threat to users of its operating systems. The program was initially private but was opened to the public in 2019; the company has also raised the bounty numerous times and currently awards up to 1 million U.S. dollars. Apple maintains a strong pro-privacy stance and has been criticised in the past for insufficient data security on its devices. Both of these issues could be complicated massively if system vulnerabilities were sold to a higher bidder seeking to exploit them. Is Apple’s bug bounty system enough to stop vulnerabilities being sold on a black market? Should Apple be paying more or doing more to stay ahead of those wishing to undermine its operating systems?

Apple can’t just spend its way out of security vulnerabilities

Regardless of the monetary reward, the Apple Security Bounty relies on the hope that the next researcher thinks that reporting the bug to Apple matters more than the money. According to Russell Brandom of The Verge, Apple’s bug bounties pay only a small fraction of the millions that researchers can earn selling iOS exploits on the black market. There have been many reports from developers and researchers who have used the Security Bounty system that the tech giant is very stingy with its rewards for reporting bugs. Apple should immediately step up its financial rewards while also trying to foster a culture of goodwill in which solving security issues is seen as a greater good for the global community of Apple device users.

https://www.theverge.com/2016/8/26/12660800/apple-ios-security-bug-bounty-payouts
https://mjtsai.com/blog/2021/07/13/more-trouble-with-the-apple-security-bounty/
https://www.imore.com/developer-feels-robbed-apples-security-bounty-program
https://medium.com/macoclock/apple-security-bounty-a-personal-experience-fe9a57a81943
