Google Bug Hunter Urges Apple To Change Its iOS Security Culture; Asks Tim Cook To Donate $2.45 Million To Amnesty For His Unpaid iPhone Bug Bounties

secwatcher writes: Prolific Google bug hunter Ian Beer ripped into Apple on Wednesday, urging the iPhone maker to change its culture when it comes to iOS security. The Verge: "Their focus is on the design of the system and not on exploitation. Please, we need to stop just spot-fixing bugs and learn from them, and act on that," he told a packed audience. Per Beer, Apple researchers are not trying to find the root cause of the problems. "Why is this bug here? How is it being used? How did we miss it earlier? What process problems need to be addressed so we could [have] found it earlier? Who had access to this code and reviewed it and why, for whatever reason, didn't they report it?" He said the company suffers from an all-too-common affliction of patching an iOS bug, but not fixing the systemic roots that contribute to the vulnerability. In a provocative call to Apple's CEO Tim Cook, Beer directly challenged him to donate $2.45 million to Amnesty International -- roughly the equivalence of bug bounty earnings for Beer's 30-plus discovered iOS vulnerabilities.

Re:He missed something...no surprise

[Jaime2]

Guy who found more than 30 iOS bugs says he sees a pattern that indicates Apple is failing at the fundamentals. Guy with access to a PDF say he's wrong. Guess who has the stronger case?