Whether it's payment details or chat logs, we pass a great deal of information through our mobile phones. As we give away more and more personal information, it becomes the responsibility of tech companies to take all necessary measures to ensure the security of whatever activity takes place on their customers' devices.
A number of tech companies have developed bug bounty programs in the last four years. They have not only welcomed hackers' vulnerability reports but also paid for them. On the other hand, several companies that lack technical expertise, and therefore cannot run their own bounty programs, have hired outsiders to handle this vital work.
The picture has been different at Apple, which believes security is a crucial aspect of any organization and has refused to pay for bug reports. Researchers have often been frustrated by how difficult it is to report errors to the firm. However, things seem to have changed: Ivan Krstic, the head of the company's security engineering and architecture, has made an official announcement that the company will soon offer cash bounties worth up to $200,000 to researchers who find vulnerabilities in its products.
The announcement reflects Apple's strategy of removing some of the secrecy around its design. It is also meant to send a meaningful message to the hacker community and to the researchers and cryptographers who are willing to help improve its security measures.
The company cited the high offers made by government organizations and black markets as one of the reasons it had not entered the bounty business. It said there is no point in bidding if a company expects to be outbid by someone else. Although Apple's latest offer is one of the highest rewards in any company's bug bounty program, it is not going to match the amount researchers can make from law enforcement or the black market.
Bug bounty programs are unlikely to attract hackers whose only aim is to make huge sums of money. Business analysts say the company probably would not be able to pay enough to satisfy those who are only looking for ways to make more and more. However, the program can certainly be helpful for those who believe that making an impact matters. In short, Apple's announcement is all about incentivizing good work.
The company's management has moved ahead with the bug bounty idea on the strength of reports from Apple's own employees who are responsible for testing the company's products. According to the company's spokesman, it is becoming more difficult for internal testers and external researchers alike to discover vulnerabilities; therefore this is the right time to start offering more incentive for bug reports.
Ben Bajarin, a technology researcher, says Apple is noticeably making a lot of effort to do this within the firm by assigning the task to their best employee, but they say they are having a hard time discovering these things. Moreover, they also say that their desire to keep building security is a developing discussion and that it is going to be helpful to expand beyond their premises. He says this program is merely a development of the security work Apple has already done in the past.