Apple Launches New Security Research Website

Apple today introduced Apple Security Research, a new website that is dedicated to improving the methods available to security researchers for reporting issues to Apple. The site offers up tools for sending Apple security reports, getting real-time status updates, and communicating with Apple engineers.

apple security research
In addition to housing information on the Apple Security Bounty program, the website is a blog that will allow the Apple engineering teams to share the latest advances in Apple security. The first post delves into XNU memory safety.

Apple today also shared progress that it has made with the Apple Security Bounty program. In the last two and a half years, Apple has awarded close to $20 million in payments to researchers. Average payouts are around $40,000 in the Product category, and Apple has paid 20 separate rewards over $100,000 for high-impact issues.

Apple says that it is now responding to issues more quickly than before, and has made it easier to report issues and communicate with Apple's teams through the launch of the new website. All bug report status changes are reflected in a new tracker available on the website, which also makes it easier for Apple to collect more information on bugs.

Transparency has been improved as well, with the site offering detailed Apple Security Bounty information and evaluation criteria so researchers have a better idea of what will earn a reward.

Today through November 30, 2022, Apple is accepting applications for the 2023 Apple Security Research Device Program, which provides qualified individuals with an iPhone that is designed specifically to make finding bugs easier.

Top Rated Comments

BGPL Avatar
8 months ago
Wonder if this means their VPN is gonna get fixed.
Score: 10 Votes (Like | Disagree)
ProfessionalFan Avatar
8 months ago
I would like to think nobody can find a negative about this program. Seems good and useful.
Score: 8 Votes (Like | Disagree)
Spaceboi Scaphandre Avatar
8 months ago
Bet you $5 this is to get ready for sideloading. Since the Digital Markets Act goes live next month they're gonna get forced to enable it and alternative app stores by March 2024 just like how they're now having to move the iPhone to USB-C.

They're gonna have to open up eventually so this new bounty program and the SRD is gonna be used to close as many vulnerabilities as possible before that time comes.
Score: 6 Votes (Like | Disagree)
frou Avatar
8 months ago
Looks like it's committing the sin of many homegrown blog systems: Not having an RSS feed!
Score: 6 Votes (Like | Disagree)
ghanwani Avatar
8 months ago
The best security is when you are disconnected. AI/ML decides when there’s a security threat and drops the WiFi connection. Folks think the connectivity loss is a bug, but it's actually a feature.
Score: 5 Votes (Like | Disagree)
antiprotest Avatar
8 months ago
I like security.
Score: 5 Votes (Like | Disagree)

Popular Stories

Google Assistant

Google I/O 2016: Assistant, Home, Allo, Duo, Android N, and More

Wednesday May 18, 2016 11:51 am PDT by
Google hosted its annual I/O developers keynote at the Shoreline Amphitheatre in Mountain View, California today, announcing multiple new products and services related to Android, search, messaging, home automation, and more. Google Assistant Google Assistant is described as a "conversational assistant" that builds upon Google Now based on two-way dialog. The tool can be used, for example,...