Almost a year ago, Apple created a reward program for those who find security flaws in its systems. Recently we’ve learned that researchers in this program think that Apple doesn’t pay enough for reporting such flaws.
Experts make more profit with non-Apple companies
Apple’s rewards program has been available since August 2016, when it was introduced at the Black Hat Conference, an annual global InfoSec event. For almost a year now, experts have been able to report bugs in exchange for a financial reward that may be too small compared with what such experts would get from third parties.
According to a report by Motherboard, a significant majority of researchers working with Apple in this field have reportedly decided to stop sharing bugs with Cupertino because of the low payments they receive in return for quite thorough work.
Motherboard reportedly contacted some members of Apple’s bug reward program. Those members, in addition to preferring to remain anonymous, stated that although they each had to report an error to Apple, they did not know anyone who had done so. According to Patrick Wardle (Synack researcher and former NSA hacker), “iOS bugs are too valuable to report to Apple”. Wardle himself is speaking out, since he was invited to participate in the program last year.
Figures Apple pays security experts
Thus, many of the experts claim to be able to make more profit by selling the flaws to third parties than to Apple itself. The rewards offered by the Californian company could be as high as $200,000, depending on the vulnerability. But these figures could be lowered to $25,000. These figures seem low and insufficient to researchers.
Is the bug report that important?
After these events, Apple should reconsider its rewards and pay experts figures more in line with what they estimate and what other companies pay for the same work.
Security on its devices and systems is vital for any technology company. For Apple in particular it is even more so, because security has always been one of its strongest points and because of the doubts raised by the recent hacks that some of its devices have suffered.
We have no doubt that this will not sit well with Cupertino, and we are waiting to see how it will resolve this issue. What do you think of this news considering how vital security is in a company like Apple? Tell us in the comments.