Apple Opens Bug Bounty Program
Tech companies have long paid bounties to security researchers who find flaws in their software. Until now, however, Apple hasn’t availed itself of this method of encouraging vulnerability discoveries. Apple has announced a bug bounty program that will pay between $25,000 and $200,000 to researchers who discover certain classes of security vulnerabilities in iOS or iCloud. The program is open only to invited researchers for now, but Apple says that if someone outside the program discovers an exploit in a covered class, they may be added to the program. Over on the Securosis blog, TidBITS Security Editor Rich Mogull provides more details and calls it “a good start.”