Apple Bug Bounty Program Frustrates Participating Security Experts: Payment Confusion, Poor Communication, and Other Issues

The Apple Bug Bounty program is the iPhone maker's project to reward security experts who find internal flaws and other system issues in its newly released products and other services.

"Apple offers public recognition for those who submit valid reports, and will match donations of the bounty payment to qualifying charities," said the tech giant via its official blog post.

The Cupertino tech giant offers thousands or even millions of dollars depending on the issue that you discover. To give you a better idea, here are the categories that cybersecurity researchers can participate in:

  • iCloud ($100,000)
  • Device attack via physical access ($100,000-$250,000)
  • Device attack via user-installed app ($100,000-$250,000)
  • Network attack with user interaction ($150,000-$250,000)
  • Network attack without user interaction ($250,000-$1,000,000)

Based on these numbers, the rewards offered by the Apple Bug Bounty program are quite generous. However, some security experts have complained about how the program is run.

Apple Bug Bounty Program Disappoints Security Experts

Luta Security CEO Katie Moussouris, who helped start the Defense Department's bug bounty program, said that Apple has a massive backlog of system issues it needs to fix.

"What do you expect is going to happen if they report a bug that you already knew about but haven't fixed? Or if they report something that takes you 500 days to fix it?" said Moussouris via Apple Insider.

This is not the only issue that Katie and other security experts complain about. They are also frustrated by delayed payments, poor internal communication, and the so-called insular culture of the program, which drastically affects the company's device security efficiency.

Aside from the Bug Bounty program issue, Apple also faces a U.S. Labor Board investigation about alleged unfair labor practices. Apple employees also recently shared their negative workplace experiences.

Incorrect Payments are Being Sent?

Cedric Owens, a security researcher who discovered a flaw that could allow hackers to bypass MacBook's security system, also shared his experience in the Apple Bug Bounty program.

He said that he was supposed to receive around $100,000 from the company, but he was only paid $5,000. Owens complained that it is unfair since the issue they detected could lead to a sensitive data breach, which falls under the categories "Device attack via physical access" and "Device attack via the user-installed app."

This article is owned by TechTimes

Written by: Griffin Davis
