Apple Repels Bug Bounty Hunters By Its Low Payout Structure

Posted: Jul 9 2017, 10:55am CDT | in Apple


This story may contain affiliate links.


Bug bounty programs were a genius idea: they allow security experts to report discoveries to the company and get paid for it, instead of developing an exploit using that bug.

Apple also decided to initiate its own bug bounty program last year and posted a payout structure, as shown below.

• Secure boot firmware: $200,000

• Extraction of confidential material protected by the Secure Enclave Processor: $100,000

• Execution of arbitrary code: $50,000

• Unauthorized access to iCloud account data on Apple servers: $50,000

• Access from a sandboxed process to user data outside the sandbox: $25,000

To a person new to this field, these payouts may look very high, but in the eyes of a security researcher, they are extremely low.

They are so low that security researchers have avoided Apple’s bug bounty program as a whole. High-threat discoveries in a system as huge as the one Apple manages usually see a bounty of $500,000 to $1.5 million.

According to researchers, they can make more money by selling these bug discoveries to a third party that is willing to pay more than Apple does.

The Author

Ahmed Humayun
Ahmed Humayun is a technology journalist bringing you the hottest tech stories of the day.



