Apple's bug bounty program is coming under criticism - here's why
Date:
Fri, 10 Sep 2021 11:38:21 +0000
Description:
The cybersecurity ecosystem doesn't particularly enjoy working with Apple, according to reports.
FULL STORY ======================================================================
Cybersecurity researchers aren't pleased with Apple's bug bounty program, which already has a massive backlog of unfixed bugs, according to reports.
Apple launched its bug bounty program in 2016, but only opened it to the public in 2019. The program has several reward tiers, going all the way to
$1 million for the most serious of vulnerabilities.
Based on comments from domain experts and anonymous security researchers, the Washington Post now reports that the company doesn't enjoy a good reputation
in the security industry.
"It's a bug bounty program where the house always wins," Katie Moussouris, CEO and founder of Luta Security, told the Washington Post.
Security insensitivity
As an example of Apple's apparent disdain for security researchers, the Washington Post cites the case of Cedric Owens, who submitted a bug that could've been exploited to allow hackers to install malicious software on Mac computers, bypassing Apple's security measures.
While security experts said the bug put Mac users at grave risk, Apple paid Owens a measly $5,000 for his troubles. This is all the more striking considering that there's an active dark web market willing to pay big bucks for such vulnerabilities.
Moussouris believes Apple's attitude towards the bug bounty program will lead to less secure products for its customers and more cost down the line.
That isn't too hard to fathom given the recent Pegasus spyware scandal, which was followed by news of another zero-click attack on the latest iPhone
devices.
Work in progress
Apple, however, calls its program a runaway success in an official statement, saying that the company leads the industry in the average amount paid per bounty.
In terms of total bounties awarded though, the report states that while Apple spent $3.7 million in 2020, Google paid $6.7 million in the same year, while Microsoft dished out bounties worth $13.6 million in the 12-month period beginning July 2020.
Ivan Krstic, head of Apple Security Engineering and Architecture, called the company's bug bounty program a work in process, listing the various ways the company is working to expand the program while reducing response times and improving communication.
TechRadar Pro has contacted Apple for its view on the news.
Via Washington Post
======================================================================
Link to news story:
https://www.techradar.com/news/apples-bug-bounty-program-is-coming-under-criticism-heres-why/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)