Apple today introduced Apple Security Research, a new website designed to improve the methods security researchers can use to report issues to Apple. The site provides tools to submit security reports to Apple, receive real-time status updates, and communicate with Apple engineers.
The website not only contains information about the Apple Security Bounty program, but also a blog where Apple's development teams report on the latest advances in Apple security. The first post is about XNU memory security. Apple also reported on the progress of the Apple Security Bounty program today. Over the past two and a half years, Apple has paid out nearly $20 million to researchers. The average payout is $40,000 in the Product category. Apple has paid out 20 different rewards of over $100,000 for particularly serious issues.
Security: Apple can now respond to problems faster
Apple says the company is now responding to issues more quickly than before and has made it easier to report bugs and communicate with Apple's teams with the new website. Any bug report status changes are reflected in a new tracker on the website, which also makes it easier for Apple to collect more information about bugs.
Transparency has also been improved: The website provides detailed information about the Apple Security Bounty and the evaluation criteria so that researchers have a better idea of what they will receive a reward for. Starting today and through November 30, 2022, Apple is accepting applications for the 2023 Apple Security Research Device Program, which will provide qualified individuals with an iPhone specifically designed to facilitate bug hunting. (Photo by Your_photo / Bigstockphoto)
