At this point in time, it’s almost expected that any large corporation that produces software would have a bug bounty program. Google has one, and so does Microsoft. Even Mozilla has one. Who hasn’t? Apple. That changes today, and as if it wants to prove that it’s serious about it, the company took to Black Hat to make the announcement.
Bug bounty programs allow hackers to poke and prod a company's software in an attempt to find security bugs. Once one is found, the company generally weighs its severity and pays accordingly. In some cases a bug might be worth a hundred dollars, while in others it could be worth many thousands. If you're skilled enough, you can make a full-time job out of hunting for bugs and collecting bounties.
It was Apple's Head of Security Engineering and Architecture, Ivan Krstic, who made the announcement at the show, and he said something that was sure to delight the audience: bounties could be worth up to $200,000. Even the least critical category pays up to $25,000. Realistically, though, most bounty hunters won't see the top end of these ranges, since the largest payouts are reserved for the most severe classes of flaw, such as vulnerabilities in secure boot firmware components.
As TechCrunch highlights, Apple had avoided getting into the bug bounty business in part because competitive bidding for vulnerabilities had pushed prices sky-high. By publishing its own fixed rates, Apple puts its offer out in the open, so researchers who see the value in what's on the table (which is quite generous) can dive right in and get to work.
To some, even $200,000 might not be a good enough payout, since exploit brokers have publicly offered far more for complete iOS exploit chains, so Apple will likely still have to contend with exploits being sold on the grey and black markets. The hope is that those cases won't be too frequent, and that when a bug sold privately does become known, the bounty improves the odds of someone else finding and reporting it before it gets too far out of hand.
Here's one thing that's interesting, though: Apple would like its bounty recipients to donate their earnings to charity. That's a lofty request, but it comes with a compelling incentive: if Apple approves of your chosen charity, it will match your payout. There's no word on whether "The Human Fund" would qualify.