Published on August 10th, 2019
Bugcrowd On Apple’s New Bug Bounty
CTO and Founder,
August 09, 2019
Apple’s bug bounty program is in a unique position, given it needs to compete with an established offensive market. Most other industry players don’t face this hurdle, and this in combination with their focus on product security is a telling sign of why payouts are so large. The skills to find the types of bugs Apple are targeting are rare and often tied up in the offensive market, which is another indication of why payouts are high. It’s great to see the bounty team there working with their incentives to match that, and it’s a smart move to gain access to that talent to make their products stronger.
The iOS Security Research Device Program is interesting too – Apple has been very clever in developing tooling to help bring in some of the upstarts in the security researcher community, making the onramp to being a productive iOS hacker much easier for them. There are many folks with the core skills and intelligence required to help with discovery of Apple bugs, but they haven’t done a lot of it yet, for instance. With access to the new program, Apple is making way for the rising stars, and achieving their goal of growing the community who understand their technologies at this deep a level.