Apple Introduces its First Security Bounty Program

Apple announced its first-ever bug bounty program, offering computer security researchers up to $200,000 for each software bug they find that makes Apple products less secure.

The bounty program will begin as invite-only on Sept. 1, including only a few dozen researchers. Apple said the program will become more open as it grows, and if a non-member approaches Apple with a significant bug, they’ll be invited into the program to work it through. The program offers payments of $50,000 to $200,000 depending on the severity of the bug discovered.

In addition, for now, the new program is also limited to five distinct categories of bugs. The most valuable category — worth up to $200,000 — is vulnerabilities that compromise the secure boot firmware components, cutting at the heart of Apple's hardware protections. Smaller rewards are available for the extraction of data from the Secure Enclave, extraction of arbitrary code, escaping a sandboxed process, and obtaining unauthorized access to iCloud account data.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.