Apple’s Bug Bounty Program Not Paying Enough To Attract HACKERS
When the tech giant Apple started its bug bounty program last year, it chose a small number of researchers to participate.
Now, after several months, it is almost certain that the program is doomed to failure because of the value these flaws have: it is more profitable to sell them to other interested parties than to report them to Apple.
Following the lead of other companies, Apple decided in August last year to start a rewards program for security researchers who report flaws in its operating systems.
Unlike Microsoft's, for example, the program seems to be proving fruitless: virtually none of the invited security researchers appear to have reported any flaws, choosing instead to sell them to other entities for much higher sums.
This is precisely the one problem with Apple's bug bounty program: many entities are willing to pay real fortunes for flaws in Apple's systems, far exceeding what the Cupertino company has set as a reward.
According to several researchers involved in this process, these entities are supposed to be trustworthy and intend to buy these flaws only to help companies and countries access proprietary information on locked devices.
By way of example, jailbreak flaws are all far more profitable outside of Apple. Security firm Zerodium is willing to pay 1.5 million dollars for one such flaw, and Exodus Intelligence, another security company, has announced that it will pay 500,000 US dollars for a flaw in iOS.
It is up to Apple alone to change the amounts it pays to security researchers, either matching market values or finding another approach that appeals to those who find these flaws and seek to profit from them. The current approach, as can be seen, does not, in contrast to Microsoft or Google, which announce the high rewards they pay.