Many security researchers aren’t happy with Apple’s bug bounty program

Apple has had a bug bounty program in place for years now. It’s meant to give altruistic hackers and security researchers a means to weed out potential issues for Apple’s software and platforms. Doing that usually means a big payout. But it turns out there are some issues and some researchers are none too pleased.

That’s according to a report from The Washington Post, which details how many different security researchers aren’t happy with Apple’s bug bounty program in its current state. The overall function of the program is part of the problem for many researchers, while others take umbrage with the low payouts Apple doles out in comparison to other major tech companies.

To that end, Apple does seem to dish out far less money than, say, Google and Microsoft. According to the report, in 2020 Apple paid out $3.7 million as part of its program. That compares to the $6.7 million Google paid out. But both pale in comparison when Microsoft is thrown into the mix, because that company handed out $13.6 million that year.


Some researchers aren’t happy that Apple doesn’t highlight those who find high-level and potentially dangerous bugs. Apple apparently doesn’t provide resources on the same level as some other companies, and it doesn’t hold conferences, either.

The report indicates that Apple inherently limits feedback when it comes to payouts for bug discoveries. Some Apple employees have said that there is an extensive backlog of bugs that have yet to be addressed, which matches what some researchers say about Apple being slow to address bug discoveries in general. And some even go as far as to say Apple isn’t paying out what’s owed.

This has led some researchers to take alternative routes rather than simply passing along information to Apple. Some security researchers are selling the information they discover, the bugs they root out, to companies or government agencies, which is obviously not what Apple is aiming for with its own bug bounty program.

Of course, there’s a bit of a warning. The report highlights Katie Moussouris, the founder of Luta Security, who says that Apple’s “poor reputation” within the security community may lead to “less secure products” in the future.

Hopefully that doesn’t become the case and Apple can rectify this situation moving forward.