Apple joins the bug bounty party with $200,000 top prize Security researchers can win up to US$200,000 in Apple's new bug bounty program, announced by the company on Thursday at the Black Hat security convention in Las Vegas. “We’ve had great help from researchers like you and the security mechanisms we build have gotten stronger,” said Apple’s head of security engineering and …
Since some will be worth more on the black market, there's really no way they could offer enough to get them all.
If the black market price for a 0 day kernel exploit that Apple will pay $50K for is $1 million, it makes sense to sell them on the black market unless you're a white hat. So let's say Apple ups the award to $2 million and gets every single 0 day in the world, the black market doesn't have any left. A month or two after the release of the "secure" iOS version that includes all those fixes someone finds a new 0 day, and learns the black market price has gone up to $5 million because of their recent scarcity...
Sure. It could become an "arms race" towards whoever has the deepest pockets.
Bearing in mind that although the various three letter agencies have deep pockets, Apple does too.
In the meantime, the phones could likely become increasingly secure. With the side benefit of various hats out there dedicating quite a lot of time to making that happen (through looking for the holes).
I suppose for the more expensive bugs, Apple could use an intermediary to buy the bugs on the black market, rather than openly offering a bounty that essentially puts a floor on the black market price. Not to mention that those selling bugs would ask a lot more if they knew they were dealing with Apple, because they have the deepest pockets there are.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
