The Cupertino tech giant has launched a new Apple Security Research website for security researchers to report issues to Apple in an effective and transparent way.
In 2016, the tech company introduced Apple Security Bounty (ASB) program for researchers to find and report security vulnerabilities across its operating systems and earn rewards up to $100,000, if eligible.
However, several security researchers expressed frustration with the program and highlighted issues like Apple’s lack of communication, denial of recognition and reward, silent patching, and others. So much so, that a few disappointed researchers even considered selling the zero-day exploits they found to brokers because the company muted them and patched flaws without giving them credit and rewards.
The new Apple Security Research website is an upgraded version of Apple Security Bounty which is designed to patch the company’s tarnished relationship with security researchers exhausted with its ASB program.
Apple Security Research Device program
The company claims it has more than 1.8 billion active devices, worldwide and says that its new Apple Security Research portal will enable researchers to send their reports directly, earn recognition and rewards for keeping users safe and stay updated with blogs on the latest advances in Apple security from our engineering teams.
Our new Apple Security Research site makes it easier than ever for researchers to submit reports on the web, get real-time updates from Apple engineering, and earn recognition for helping to improve security for our users.
Apple Security Research site offers access to the following information:
- Upgraded Apple Security Bounty
- Responding much more quickly: the larger team will respond to each submission within six days to two weeks after completing an initial evaluation.
- Easier for researchers to report issues and communicate with Apple teams via the new site to send research and get real-time status updates.
- A new tracker to immediately reflect a change to the status of a submitted report.
- Notification system to communicate earned rewards in the tracker and by email.
- More transparency with Bounty and evaluation criteria detailed on the site.
- Apple Security Research Device Program allows researchers to sign-up for an iPhone exclusively made for security research.
- Latest from us blog posts
- Additional Resources for developers to make their app more secure and users to get help with a security feature or issue.