by Jason Snell
Apple joins the security bounty culture
Rene Ritchie at iMore:
Today, as part of the company’s presentation at the Black Hat security conference, Apple will be announcing its first security bounty program. It’s pragmatic but optimistic, and continues Apple’s tradition of looking at security as a multi-layer, multi-model challenge that requires constantly evolving technologies and practices.
The bounty program launches in September with a small group of researchers. Apple told me the company will be focusing on an exceptionally high level of service and putting quality very much ahead of quantity. The program will be expanded over time, but if anything urgent comes up, Apple is also open to working with other researchers on a case-by-case basis.
This is good news. In stories about major security breaches (as well as other security-related stories, like the FBI trying to break into the phone of a terrorist by using a security exploit), Apple is often criticized for lacking any sort of security bounty program. These days, security bounties—paying security researchers who discover security failures—is a common way of doing business. The researchers get credit and a reward, as well as motivation to find more bugs.
(A little more info at The Verge, and a lot more from Rich Mogull.)