Apple Will Pay Hackers $200,000 to Find Security Flaws in Its Software


Security has always been of paramount importance to Apple, and the company’s commitment to privacy was put to the test earlier this year, when the FBI demanded that Apple unlock the iPhone 5c of San Bernardino terrorist Syed Farook.

To do so, Apple would have had to create a new version of iOS that lacks important security features integrated into the software. Apple refused, with CEO Tim Cook stating that the FBI’s demands have “implications far beyond the legal case at hand,” and the ensuing legal battle could set a dangerous precedent that would “undermine the very freedoms and liberty our government is meant to protect.” Eventually, the FBI was forced to turn to a third party, paying out a reported $1 million to gain access to the device.

Although Apple has always placed security first and foremost when designing their hardware and software, they have always done so in-house. The company has refused to pay for the discovery of flaws in their software, and no representative from the company has spoken at the famed Black Hat computer security conference in over four years. Apple has always maintained a shroud of secrecy over their security. Until now.

Apple’s head of security engineering and architecture, Ivan Krstic, recently attended the 2016 Black Hat conference in Las Vegas, announcing that Apple would be offering cash bounties of up to $200,000 to hackers who discover security flaws in their software. Apple’s new “bug bounty” program will launch in September on an invite-only basis. Krstic mentioned that the program will begin with only a few dozen trusted researchers and will become more open as it grows, and that Apple will likely invite non-members into the program if they approach the company with a significant flaw that needs patching.

Big-name tech companies like Google and Microsoft have employed similar programs for years, and as users are beginning to store more personal information on their electronic devices, organizations such as Uber, Chrysler, and the Department of Defense have begun to employ such programs as well. In an interview with TechCrunch, Alex Rice, co-founder of bug bounty program HackerOne, said, “there isn’t a company yet who has launched a bug bounty program and has not identified new vulnerabilities that they didn’t know about yet.” Rice added, “if a company is launching a bug program, they’ve knocked out all the low hanging fruit, they follow best practices, but they know it’s not enough.”

Apple is taking just one more step in the direction of ensuring the security of their latest hardware and software.
