Apple's $1 Million Bug Bounty Comes Under Fire

Apple’s decision to offer a $1m bug bounty has been criticized as potentially creating collusion opportunities and perverse incentives.

According to The Verge, Apple announced that it has expanded its existing bug bounty program to include macOS, tvOS, watchOS and iCloud. It will include rewards of up to $1m for a zero-click, full-chain kernel-code-execution attack.

Up from a previous maximum of $200,000, the $1m payout will be for iOS vulnerabilities that let attackers control a phone without any user interaction.

Another $500,000 will be given to those who can find a “network attack requiring no user interaction,” reported Forbes.

Speaking to Infosecurity, Luta Security CEO Katie Moussouris said that she was concerned about raising the bounty to this level “as it will probably have some unintended perverse incentive consequences,” and because, in her view, it “does nothing to compete with the offense market.”

Moussouris argued it may also produce collusion with internal employees. Thirdly, she was concerned that this “may eventually cannibalize Apple's own hiring policy and its career retention pipeline,” for example if there are quality assurance engineers who know enough about the architecture and feel that this is their only chance to earn big. “It would be a good investment for them; when else would you get a windfall like that?”

She said that “perverse incentives in ..
