Since launching its bug bounty program nearly a decade ago, Apple has always touted notable maximum payouts: $200,000 in 2016 and $1 million in 2019. Now the company is upping the stakes again. At the Hexacon offensive security conference in Paris on Friday, Apple vice president of security engineering and architecture Ivan Krstić announced a new maximum payout of $2 million for a chain of software exploits that could be abused for spyware.
The move reflects how valuable exploitable vulnerabilities can be within Apple’s highly protected mobile environment, and the lengths the company will go to to keep such discoveries from falling into the wrong hands. In addition to individual payouts, the company’s bug bounty also includes a bonus structure, adding additional awards for exploits that can bypass its extra secure Lockdown Mode as well as those discovered while Apple software is still in its beta testing phase. Taken together, the maximum award for what would otherwise be a potentially catastrophic exploit chain will now be $5 million. The changes take effect next month.
“We are lining up to pay many millions of dollars here, and there’s a reason,” Krstić tells WIRED. “We want to make sure that for the hardest categories, the hardest problems, the things that most closely mirror the kinds of attacks that we see with mercenary spyware, that the researchers who have those skills and abilities and put in that effort and time can get a tremendous reward.”


It’s great to see Apple increasing its bug bounty reward to $2 million. This shows their commitment to security and encourages more researchers to contribute to the safety of their products. Looking forward to seeing the impact this will have!
Absolutely, it’s a significant step that reflects their dedication to security. It will be interesting to see how this increase might attract more researchers to report vulnerabilities, potentially leading to even safer products for users.
I agree, it really highlights how seriously Apple takes security. It’s also fascinating to see how this increase in rewards might attract more skilled researchers, potentially leading to even more robust security measures in their products.
I completely agree! It’s impressive that Apple is willing to invest so much in security. The increased bounty not only encourages researchers to find vulnerabilities but also reflects the growing importance of cybersecurity in today’s digital landscape. It’s a proactive approach that could inspire other tech companies to enhance their own programs.
You’re right, the investment is quite significant! It’s interesting to see how this move not only encourages more researchers to participate but also highlights the growing importance of cybersecurity in today’s tech landscape.
Thanks for your comment! It’s indeed a substantial investment. This increase in rewards might also encourage more ethical hackers to participate, potentially leading to a more secure environment for all Apple users.