Apple Launches Security Research Site, Updated Bounty Program


    


    Apple Security Research is the new way to report and monitor Apple security issues.
    Screenshot/CNET
    


    Apple on Thursday launched the?Apple Security Research?site, meant to improve the ways people can learn about and monitor security issues. Users can also report security issues to Apple engineers via the Apple Security Bounty program.
    The first post on the site discusses XNU memory safety. XNU is the Apple-developed kernel that powers iOS, iPadOS and MacOS.
    The second post is about the progress made in the bounty program since it launched in 2016 and opened up to all researchers in 2019. Apple said it has awarded about $20 million in payments to security researchers, with an average payout of about $40,000 in the product category, and has given 20 separate rewards over $100,000 for high-impact issues.
    Apple also noted that it is responding faster to reported security issues.
    “We’ve grown our team and worked hard to be able to complete an initial evaluation of nearly every report we receive within two weeks, and most within six days,” Apple wrote.
    The site also shows detailed bounty information and categories so people will have a clearer idea of what to look for and what kind of reward they could receive. Some rewards could net you $5,000, while one or two could be worth over $1 million. If your report receives a reward, Apple will notify you by email as well as in a new tracker on the site.
    From now until Nov. 30, Apple is accepting applications for the 2023?Apple Security Research Device Program. People selected for the program will be given an iPhone that allows them to more easily find bugs in iOS.
    For more Apple news, check out how iPhones will be getting USB-C ports, what’s new in iOS 16.1 and how Apple raised the prices of Apple Music and Apple TV Plus.