Slashdot Mirror


Apple Announces Bug Bounty At Black Hat With Maximum $200,000 Reward (threatpost.com)

msm1267 quotes a report from Threatpost: Apple closed out Black Hat today with a long-awaited announcement that next month it will launch a bug bounty. The Apple Security Bounty will be an invitation-only program, open to two dozen researchers at the outset, said Ivan Krstic, head of security engineering and architecture. The maximum payout is $200,000 and five classes of bugs in iOS and iCloud are in scope. Apple said the maximum reward will be $200,000 for vulnerabilities and proof-of-concept code in secure boot firmware components. It will also pay $100,000 for the extraction of confidential material protected by its Secure Enclave Processor, $50,000 for code execution flaws with kernel privileges or unauthorized access to iCloud account data on Apple servers, and $25,000 for access from a sandboxed process to user data outside that sandbox.

2 of 39 comments

  1. Invitation-only by Anonymous Coward · Score: 4, Insightful

    I don't think Apple understands the concept of the bug bounty program. Making it invitation-only will not persuade those who find bugs and have not been invited from sharing the details of the bug with you.

  2. invitation only... $200,000 max by fustakrakich · Score: 5, Insightful

    In the meantime the uninvited enjoy much greater rewards exploiting the bugs.

    --
    “He’s not deformed, he’s just drunk!”