Bug Bounty Program Gets Updated
As well as the £1 million bug bounty, originally announced in August, the Apple Security Bounty also offers a 50% bonus if an issue is found in beta software. That means you could ultimately earn a total of $1.5 million from the program. Furthermore, Apple said that if the money is donated to a qualifying charity it will match it. Those discovering an issue will also be publicly acknowledged.
To qualify for a bug bounty a security researcher must:
- Be the first to report the issue.
- Provide a clear report with a working exploit.
- Not make the issue public before Apple releases its security advisory.
To maximize a payout, Apple recommends finding issues that affect multiple platforms and impact the most up-to-date products and sensitive components. Additionally, it recommends finding unique and novel issues. Obviously, only the first person to find the security flaw receives the money. Full details of the Apple Security Bounty are available on its updated website.