Cybersecurity researchers are not satisfied with the Apple Bug Bounty program, which already has a solid backlog of unresolved bugs, according to reports.
Apple launched its Bug Bounty program in 2016, but opened it to the public only in 2019. The program has several reward levels, up to $1 million for the most serious vulnerabilities.
Based on comments from domain experts and anonymous security researchers, the Washington Post now reports that the company does not enjoy a good reputation in the security sector.
“It’s a bug bounty program where the house always wins,” Katie Moussouris, CEO and founder of Luta Security, told the Washington Post.
Security insensibility
As an example of Apple’s apparent disdain for security researchers, the Washington Post cites the case of Cédric Owens, who submitted a bug that could have been exploited to let attackers install malicious software on Mac computers, circumventing Apple’s security measures.
Although security experts say the bug put Mac users “at a serious risk,” Apple paid Owens USD 5000 for his troubles. This is shocking considering that there is an active dark web market willing to pay top dollar for such vulnerabilities.
Moussouris believes that Apple’s attitude towards the bug bounty program will lead to “less safe products for their customers and more and more cost down the line”.
That is not too difficult to understand, given the recent Pegasus spyware scandal, followed by another zero-day attack on the latest iPhone devices.
Work out
Apple, however, calls its program a “runaway success” in an official statement, stating that the company leads the industry in the average amount paid per bounty.
In terms of total bounties, however, the report indicates that, while Apple spent $3.7 million in 2020, Google paid $6.7 million the same year, and Microsoft paid out $13.6 million in the 12-month period from July 20th.
Ivan Krstic, Apple’s Engineering and Safety Architecture Manager, called the company’s bug bounty program a work in progress, listing the different ways to develop the program while reducing response times and improving communication.
TechRadar Pro contacted Apple for its views on the news.