Apple announces bug bounty program

At its Black Hat cyber security conference in Las Vegas, Apple said it would shortly launch a program under which researchers finding security bugs in its products would receive financial rewards.

The company said its bug-bounty scheme would be limited to about two dozen researchers, who'd previously helped the firm identify hard-to-uncover vulnerabilities, but had so far not been compensated for their effort.

Apple offers the most lucrative rewards of up to $200,000 (180,000 euros) for finding bugs in its security boot firmware meant to prevent unauthorized programs from launching when an iOS device is powered up.

It's about trust

"We go to tremendous lengths when it comes to engineering the security systems that provide trust in how we protect our user data," Apple's head of security engineering and architecture, Ivan Krstic, said at the Black Hat conference.

"We're fortunate that we've earned trust from our customers, but we realize that's something we have to keep earning," Krstic noted, adding that the bug bounty program would serve this purpose well.

Apple is late to a worldwide corporate trend to foster this type of initiative. Rewards for spotting security bugs have been offered for years by AT&T, Facebook, Google, Tesla Motors, Yahoo and - not to forget - Microsoft.

The Redmond-based company has handed out $1.5 million in rewards to researchers since it launched its bug bounty program about three years ago.

hg/mrk (Reuters, dpa)