Apple Ups Bug Bounty Payouts, Expands Access to All Researchers and Launches macOS Program

[Justanotherfanboy]

time to get PAID

Lol, you have a zero-click kernel code execution with persistence bug you found, that you’ve been sitting on???
By all means, sir.... GET PAID!

 

[FamVR]

Finally. At last. Good move Apple.

By the way. I’m known - to insiders - for giving bugs away to other people in the community, because there was no macOS bug bounty program, but that will change right now.

 

[Romeo_Nightfall]

so here we are with an official apple security scheme.
icloud is the least secure thing they have, haha.

thanks tim hollywood for stating it that clear!

 

[Balkon]

With the money Apple has I never understood why they didn't push all this forward years ago.

 

[Sasparilla]

Great news and I like its not just Mac OS that they're adding here. A little late, but glad they're getting it done.

It'd not just Privacy Apple is providing customers, its security as well - nice to see they're embracing that.

The vulnerabilities identified and closed off the more secure our OS's are.

 

[Shirasaki]

Just like my old man used to say. Never buy the first year of a new model car or truck. Give it a year or two for some other idiot to find out the wiper switch doesn't like prune fumes, or some other issue no one thought up....

That’s why I don’t buy launch day iOS device, for the same reason. 😀

 

[SecuritySteve]

Hackers are now called "researchers".

Depends on what color hat you wear.

 

[citysnaps]

With the money Apple has I never understood why they didn't push all this forward years ago.

Because all successful companies, large or small, are resource limited.

I worked for a 10 person fabless ASIC semiconductor company in Palo Alto (Silicon Valley). We were always resource limited. We were eventually acquired by a very successful large company with many thousands of employees. And we were still resource limited.

In each case there were projects that could have been taken on, but the resources (engineers/$/time/etc) were not available.

 

[dantroline]

Because all successful companies, large or small, are resource limited.

I worked for a 10 person fabless ASIC semiconductor company in Palo Alto (Silicon Valley). We were always resource limited. We were eventually acquired by a very successful large company with many thousands of employees. And we were still resource limited.

In each case there were projects that could have been taken on, but the resources (engineers/$/time/etc) were not available.

Apple is heading for a crisis if it doesn't expand its horizons, such as into enterprise networking and large scale computing, but to do so it has to improve its security credentials. No one really trusts Apple for that sort of thing, because it isn't open about its problems - better the devil you know.