The Cupertino tech giant has launched a new Apple Security Research website for security researchers to access its upgraded Apple Security Bounty program to submit reports, review their status, content to the company’s team, and more, stay updated with the latest security advancements from the company’s engineers, and more importantly, apply for the Apple Security Research Device program.
The new Apple Security Research Device program features an iPhone exclusively dedicated to security research and to help researchers efficiently carry out their research work on iOS. Here is everything we need to know about the new program.
Everything we need to know about the new Apple Security Research Device program
Interested applicants have till November 30, 2022, to apply for the 2023 Apple Security Research Device (SRD) program to get an iPhone for research work on a 12-months renewable basis to run any tool, entitlements, and kernels without having to bypass its security features.
Participants will be able to report their findings to Apple without risking the loss of access to iOS security’s inner layers. The reported issues will be automatically considered for Apple Security Bounty.
Eligible participants must be Apple Developer Program members, have a track record of successful security findings, be 18 years or older, and not be current Apple employees or employed by the company in the last 12 months.
As per the shared guidelines, the SRD is not meant for personal use and will remain Apple’s property throughout the 12-months period SRD will be in the participant’s possession.
- The SRD is intended for use in a controlled setting for security research only. If your application is approved, we will provide you an SRD for use on a 12-month renewable basis. During this time, the device remains the property of Apple.
- The SRD isn’t meant for personal use or daily carry and must remain on the premises of program participants at all times. Access to and use of the SRD must be limited to people authorized by Apple.
- If you use the SRD to find, test, validate, verify, or confirm a vulnerability, you must promptly report it to us and, if the bug is in third-party code, to the appropriate third party.