OnePlus announces new bug bounty program to strengthen its cybersecurity

OnePlus announces new bug bounty program to strengthen its cybersecurity

These iPhones are provided as part of Apple's next iOS Security Research Device Program, which aims to encourage additional security researchers to reveal vulnerabilities, which ultimately leads to safer devices for consumers. These are the bugs that the Cupertino company already fixed in the past, but are reintroduced inadvertently in the later build of the software.

Apple laid out how its bug bounty rewards work. Now everyone can participate.

Starting today, the company will accept vulnerability reports for a much wider spectrum of products that also includes as iPadOS, macOS, tvOS, watchOS, and iCloud.

Apple has also increased the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw. To try to get it, the interested parties will have to respect some rules. "Reports lacking necessary information to enable Apple to efficiently reproduce the issue will result in a significantly reduced bounty payment, if accepted at all". An indication of any prerequisites necessary for the emergence of the problem. There are also several techniques and exploits on the announcement page that count as "Ineligible Issues' in case anyone looks to go that route". It nearly always coincides with the release of the corrective patch. Also, Apple has mentioned that, where relevant, researchers should also use the latest publicly available hardware. The most paid discoveries ever are related to vulnerabilities that allow performing network attacks without user interaction (zero-click bug). While the top tier is $1 million, Apple offers a 50% bonus for bugs found in developer and public betas. Now, the expanded program is live, as Ivan Krstić, Apple's Head of Security and Architecture, has announced on Twitter. But which resurfaces in a subsequent software release.

Apple's Bug Bounty Program is one of the lucrative in the tech industry today and will be paying out as high as $1 million to researchers who discover critical vulnerabilities in the company's softwares.

Related Articles