Increasingly, technology producers and companies are using outside resources to test for security weaknesses in their products. Now it seems that the trend has extended to Apple, which plans to launch a bug bounty program in September.
Initially, white- and gray-hat hackers will only be able to participate if they’re invited by the company. However, individuals may be able to work their way into this elite group if they find a particularly interesting bug or flaw.
Successfully collecting a bounty could be quite lucrative for participants or the charities they choose to donate to. Apple has declared that it will match any donation made by participants on a 1:1 basis.
According to an AppleInsider report, the company is willing to pay out:
- $200,000 for bugs connected to secure boot firmware components;
- $100,000 for extraction of confidential material protected by the Secure Enclave Processor;
- $50,000 for execution of arbitrary code with kernel privileges;
- $50,000 for unauthorized access to iCloud account data on Apple servers;
- and $25,000 for access from a sandboxed process to user data outside of that sandbox.
The tech company hopes that incentivizing the discovery of potential threats will decrease the likelihood that a flaw is exploited on millions of consumer devices. Apple will address expanding the bug categories eligible for bounties at a later date.