Published in News

Apple’s bug bounty programme failing

07 July 2017

Apple bugs are too valuable

When Apple launched its bug bounty programme last year, the Tame Apple Press thought it was the bee's knees, but what they are not telling you now is that it is a flop.

The Tame Apple Press claims that the reason few bugs have been reported to Apple is that the operating system is the most secure in the world and no one can match it. This means that all those bugs that are out there fetch a good price on the market.

Most of us outside the reality distortion field might find those two statements contradictory. If Apple security was so damn good, there would not be as many black market exploits up for sale. What is more likely is that Apple’s bug bounty failed because it is not paying enough.

Security experts tell us that bugs are too valuable to sell to Apple. Not only can you flog them for serious cash to law enforcement, spooks, criminals, and other hackers, you can do so at a bigger price than Apple wants to pay.

To put this into some perspective, a zero-day can fetch $1.2 million from Zerodium, while the most Apple is prepared to pay is $200,000. Exodus Intelligence offers up to $500,000 for similar iOS exploits.

If White Hat hackers report them to Jobs’ Mob, they are prevented from doing more research on the bug. Apple itself has killed off this market by refusing to allow White Hat hackers to test the phone’s security. In the good old days, it used to offer selected white hats “developer phones” to break to help their research while fixing problems. Now it does not do that.

Last modified on 07 July 2017