Apple has revised its internal security portal and, in a blog post written before the relaunch, responds to criticism from hacker circles, which have long accused Cupertino of being too slow to respond to reported security vulnerabilities and of underpaying for verification.
Response time of 6 days
The so-called Apple Security Bounty, a program that rewards hackers and IT security experts for the vulnerabilities they find, now responds much faster to new submissions. The team has grown and can now respond to almost all reports within two weeks. In fact, most reports are said to be processed within six days.
In addition, contacting security experts has been simplified, and a separate form for submitting discovered vulnerabilities is now available. It not only allows Apple ID logins, but also lets the finder track a submission while Apple verifies and evaluates the information provided.
Average $40,000 per hole
According to Apple, the Apple Security Bounty is one of the fastest-growing compensation programs in the industry and pays out about $40,000 on average for security vulnerabilities found. Since the program’s inception, 20 separate payments in excess of US$100,000 have also been made for particularly serious security gaps.
Apple introduced its internal bug bounty program at the BlackHat conference in 2016 and increased the potential bounty to up to $1 million in 2019. Previously, there had been repeated reports from the scene that identified security vulnerabilities could be sold on the black market much more profitably than to Apple itself.
Apple’s new security portal is waiting for your visit here.