Apple Launches Bug Bounty Program, Offers Up to $200,000 for Software Vulnerabilities Discovered

[69Mustang]

Great idea. iOS will always be more secure than Android, and this will only further that gap.

Dude. Are you unhappy in life? Almost every thread you enter you bring this same trollish BS. It's as if your goal is to intentionally and proactively be antagonistic for no other reason than "I just want to see the world burn." Apple is finally joining the rest of their community in participating in bounty programs. It's a good thing. Good for Apple, good for their customers, and good for the people who actually put in the work to find the bugs.

This has nothing to do with Android and which OS is better, but you damn sure want to make it that. Please understand: Being an Apple fan and doing what you do makes you no different than an Apple hater going all H.A.M. in these threads. Just opposite sides of the same coin. Neither side good.

Mods are most likely going to delete this comment but I hope you take it in the way it's meant. You've made a lot of decent points when you weren't trying to Donald Trump the threads. On a funny note, I hope you're not still trying to fight people over 64 bit apps.

 

[thisisnotmyname]

Shame it is invite only. Doesn't seem like a wise move.

 

[Michael Goff]

You know i was being sarcastic.

I actually didn't. Lets be real, I'm an idiot.

 

[Cole Slaw]

Knowing Apple the reward will be in iTunes cards.

 

[Zirel]

Shame Apple's own workers don't know how to fix bugs. You'd think they'd be paid to fix them.

This comment is filled with ign... the thirst to see Apple fail.

For your information, it's Apple who has to pay for the discovery, and has to fix the bugs. So no, it's not Apple that doesn't know "how to fix the bugs".
[doublepost=1470373639][/doublepost]

How secure will you feel when Apple starts deleting photos or videos off your iOS device that appear to be in copyright violation?

And what are you going to do when the lizard people get activated by the chemtrails and start killing everybody except the Rothschilds?

 

[C DM]

The incredibly buggy new OS releases shows that Apple is no longer capable of doing it in-house - going the OUTSOURCING route.

Shame Apple's own workers don't know how to fix bugs. You'd think they'd be paid to fix them.

Yeah...that's not quite what that's about, nor is it how that all works.

 

[wschutz]

And if it means a more secure device, I don't know why anyone would be against it.

Security by obscurity never worked... and the proof is the jailbreak that happens all the time, if you want a secure device, you open source the whole thing

 

[C DM]

Security by obscurity never worked... and the proof is the jailbreak that happens all the time, if you want a secure device, you open source the whole thing

That doesn't mean that it's security by obscurity.

 

[Solomani]

The incredibly buggy new OS releases shows that Apple is no longer capable of doing it in-house - going the OUTSOURCING route.

What's wrong with outsourcing? Just because they didn't do it in the past does not make it a bad idea now.

 

[Zirel]

What's wrong with outsourcing? Just because they didn't do it in the past does not make it a bad idea now.

Because when it's Apple doing, it's bad. When it's Google doing, it's good, and Apple should copy.

 

[T'hain Esh Kelch]

The incredibly buggy new OS releases shows that Apple is no longer capable of doing it in-house - going the OUTSOURCING route.

You don't get out much, eh? Instead of having the same 200 security programmers go over the same code again and again, you potentially have the entire planet to look at it. This is absolutely normal in the industry and makes a lot of sense.

 

[BollywooD]

this is great news!

 

[keysofanxiety]

About time! Way overdue.

 

[diddl14]

So Apple bets $200k agains anyone finding an iOS kernel or secure enclave bug?
You would assume that by now they got to a point where they were willing to risk a bit more than that..

 

[Kabeyun]

The incredibly buggy new OS releases shows that Apple is no longer capable of doing it in-house - going the OUTSOURCING route.

Nope. Bug bounty programs are common and Apple is actually late to the game on this.

 

[Marx55]

"Apple will also encourage researchers to donate their earnings to charity and will match all bug bounty donations".

I invite Apple to donate also their earnings to charity. True one.

 

[kdarling]

So Apple bets $200k agains anyone finding an iOS kernel or secure enclave bug?
You would assume that by now they got to a point where they were willing to risk a bit more than that..

You have an interesting point. Some things should be nearly priceless, or at least include negotiating leeway

For instance, if the secure enclave was hacked, you could get past TouchId, passcodes, and all the encryption.

Such info could be worth millions to a crime syndicate... or to a government. And perhaps cost Apple millions in consumer confidence if it came out.

Hopefully it's just not possible (via just software, anyway), but still...

 

[Thunderhawks]

I don't get why anybody wants to be negative towards Apple for this.

About the only comments this should get :

"It's a good thing"and

if people can't resist to be negative:

Finally. Better late than never ! etc.

How this gets done is totally unimportant. Outsourced, kindergarten class, senior home, in house or whatever.

 

[Sasparilla]

So if I reveal to them two vulnerabilities they will pay me for both? Or only for just one per year?

You have to be invited to be part of this. Hopefully it'll grow so anyone can submit stuff for this, but starting out its just invites going out to folks they trust.

About time Apple did this - especially with their focus on security. The other big companies have been doing this for years. Anything Apple can do to lock things down is a good thing.

I don't get why anybody wants to be negative towards Apple for this...

If its not too obvious there is a good amount of astroturfing taking place on this forum from folks associated with competitors of Apple (certainly some of it paid). No matter what's announced they'll disparage it. Companies that work very closely with their government's security services (who are often great friends of the U.S. government and its surveillance desires) like Samsung etc. won't like this announcement. JMHO...

 

[kdarling]

If its not too obvious there is a good amount of astroturfing taking place on this forum from folks associated with competitors of Apple (certainly some of it paid). No matter what's announced they'll disparage it.

Heh. No need.

If there were such paid people here, they'd be a waste of money, as criticism would occur anyway.... because internet and males

For that matter, long time Apple fans themselves are often the most vocal critics of Apple.

 

[Michael Goff]

Security by obscurity never worked... and the proof is the jailbreak that happens all the time, if you want a secure device, you open source the whole thing

I do hope you're joking.

 

[NT1440]

Does anyone know if the Apple rep's talk to BlackHat is available online anywhere?

 

[Tech198]

For some reason flashbacks to 'The bounty Hunter'

Good for Apple doing this.

 

[RedOrchestra]

They probably needed the office space for the Tidal Music gang - heck, Kanye and his entourage would need 2,000 sq m at a minimum.

 

[jimbobb24]

This is awesome news!
[doublepost=1470439300][/doublepost]

This comment is filled with ign... the thirst to see Apple fail.

For your information, it's Apple who has to pay for the discovery, and has to fix the bugs. So no, it's not Apple that doesn't know "how to fix the bugs".
[doublepost=1470373639][/doublepost]

And what are you going to do when the lizard people get activated by the chemtrails and start killing everybody except the Rothschilds?

Do we know the timeline for that? Sounds serious and my bunker is not yet fully staffed. I need details.