No software is completely invulnerable to security flaws, and this is why there are companies who offers up bounty programs to developers/hackers who can identify these flaws on their behalf, and in exchange, they get paid a fee for doing so. Apple isn’t one of those companies, at least until recently.During the Black Hat Conference, Apple’s head of security engineering Ivan Krstic made an appearance on stage in which he announced Apple’s own bounty program. The program will pay out as much as $200,000 if developers and hackers are able to discover and report major vulnerabilities in Apple’s software and services.
As you can see in the presentation slide above taken by Jay Freeman, there will be different amounts paid out depending on what they find, with the maximum being $200,000, and the lowest being $25,000, which we reckon is still pretty decent, but it will also depend on several factors that will be taken into consideration.
A report from TechCrunch reads, “Although each category of vulnerability maxes out at the given rate, Apple will determine the exact reward amount based on several factors: the clarity of the vulnerability report; the novelty of the problem and the likelihood of user exposure; and the degree of user interaction necessary to exploit the vulnerability.”