What you need to know
- A new report says Apple's Bug Bounty program isn't up to scratch.
- The Washington Post says the system has a massive backlog.
- It also cites security researchers and hackers who say it pays less than other companies.
A new report into Apple's bug bounty program says the system has a massive backlog of bugs that haven't been fixed, and that participants are not satisfied with how it operates.
From The Washington Post:
One expert told the Post that Apple's program meant "the house always wins" and that Apple had a bad reputation in the security industry. The Post says that two dozen security researchers pointed out how rivals like Facebook and Microsoft pay out more than Apple, and also highlight the work of researchers and offer conferences and resources. By contrast, Apple was portrayed not only as stingy with payouts but also less transparent:
Two sources, worryingly, told the Post that Apple has a "massive backlog of bugs that it hasn't fixed," and other sources complained that the "unfriendly nature of its bug bounty program has discouraged some security researchers from pointing out flaws to Apple."
Despite these reports, Apple described its program in a statement as a "runaway success" and said, "we are working hard to scale the program during its dramatic growth, and we will continue to offer top rewards to security researchers working with us side by side to protect our users and their data on more than a billion Apple devices around the world."
The full report cites further instances of researchers being paid less than they thought they were owed, or sometimes nothing at all. At least one researcher says they spoke to Apple and that the company was "aware of how they're seen in the community" and was "trying to move forward", even hiring a new leader for its bug bounty program to reform the initiative.
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.
Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9