Slashdot Mirror


Zero-Day Hunters Will Pay Over Twice as Much as Apple's New Bug Bounty Programme (vice.com)

Joseph Cox, writing for Motherboard: Last week, Apple finally joined other technology giants and announced a bug bounty programme, where hackers can submit details of previously unknown vulnerabilities in Apple systems and devices, and get paid for sharing them with the company. But Apple is not going to be without competition. On Wednesday, established bug-hunting company Exodus Intelligence launched its own new acquisition programme for both vulnerabilities and exploits. And when it comes to iOS bugs, the company is offering up to more than double Apple's maximum payout. While Apple's highest bounty is $200,000, Exodus is advertising a maximum of $500,000 for vulnerabilities affecting iOS 9.3 or above. Exodus provides details of vulnerabilities and working exploits to customers who pay a subscription fee of around $200,000 per year, according to Time. Those customers could be on the defensive side -- such as antivirus vendors who want to plug newly discovered holes -- or part of an offensive team using the exploit to target systems themselves. On its site, Exodus emphasises the former, writing that it "works with the research community to find these attacks first and make them available to security vendors and enterprises, allowing them to deploy defenses before their adversaries can attack."

3 of 29 comments

  1. Re:And they won't need to pre-approve you by _Sharp'r_ · Score: 2

    Now if they don't demand exclusivity... or if you and a "friend" can submit very similar bugs to each program separately and reap multiple rewards...

    --
    The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
  2. It was $1M last year by tlhIngan · Score: 4, Interesting

    Face it, Apple can never outbid on bugs.

    I mean, last year, they offered 3 prizes of $1M each for a jailbreak (one of which was claimed).

    At a time when Windows and Android exploits go for maybe $10,000 each regularly and $100k tops, iOS vulnerabilities exceed that.

  3. Re:And they won't need to pre-approve you by wardrich86 · Score: 2

    Or maybe it's because the governme- I mean the Zero-Day hunters - have a bigger wallet than Apple?