Apple launches new security research site to expedite response to vulnerability reports
Apple today launched a new website, called Apple Security Research, dedicated to improving how security researchers report problems to Apple. The site provides tools to send Apple security reports, get real-time status updates, and communicate with Apple engineers.
In addition to information on the Apple Security Bounty program, the site hosts a blog where the Apple engineering team will share the latest advancements in Apple security. The first post on the blog delves into XNU memory safety.
Apple also shared today its progress on the Apple Security Bounty Program. Over the past two and a half years, Apple has paid researchers nearly $20 million in bounties. The average bounty in the product category is about $40,000, and Apple has paid out 20 bounties of over $100,000 each for major bugs.
Transparency has also improved, and the site provides detailed Apple security bounty information and evaluation criteria, so researchers have a better understanding of how to earn rewards.
From today until November 30, 2022, Apple is accepting applications for the 2023 Apple Security Research Device Program, which provides eligible individuals with an iPhone specifically designed to hunt for vulnerabilities.