Security researchers criticized the Apple Security Bounty program and claimed the company ignored bug reports, denied bounty payments and silently patched vulnerabilities.
This week’s Risk & Repeat podcast discusses the infosec community’s growing discontent with Apple’s bug bounty program and what it could mean for the technology giant.
Several security researchers have recently criticized the Apple Security Bounty (ASB) program, accusing the company of ignoring vulnerability reports, silently patching bugs, and denying bounty payments and credit, among other transgressions. Some bug hunters have publicly declared they will no longer engage with the ASB program, and others said they will look to sell their vulnerability discoveries to third parties, such as zero-day exploit brokers.
What are the root causes of Apple’s bug bounty woes? Will frustrations with Apple lead to critical exploits landing in the hands of spyware vendors and nation-state hacking groups? What does the company need to do to fix the situation? SearchSecurity editors Rob Wright and Alex Culafi discuss those questions and more in this episode.