Apple Launches New Security Research Website
Apple today introduced Apple Security Research, a new website that is dedicated to improving the methods available to security researchers for reporting issues to Apple. The site offers up tools for sending Apple security reports, getting real-time status updates, and communicating with Apple engineers.
In addition to housing information on the Apple Security Bounty program, the website doubles as a blog where Apple's engineering teams will share the latest advances in Apple security. The first post delves into XNU memory safety.
Apple today also shared progress that it has made with the Apple Security Bounty program. In the last two and a half years, Apple has awarded close to $20 million in payments to researchers. Average payouts are around $40,000 in the Product category, and Apple has paid 20 separate rewards over $100,000 for high-impact issues.
Apple says that it is now responding to issues more quickly than before, and has made it easier to report issues and communicate with Apple's teams through the launch of the new website. All bug report status changes are reflected in a new tracker available on the website, which also makes it easier for Apple to collect more information on bugs.
Transparency has been improved as well, with the site offering detailed Apple Security Bounty information and evaluation criteria so researchers have a better idea of what will earn a reward.
Today through November 30, 2022, Apple is accepting applications for the 2023 Apple Security Research Device Program, which provides qualified individuals with an iPhone that is designed specifically to make finding bugs easier.