iPhone Bugs Are Too Valuable to Report to Apple

In August 2016, Apple’s head of security Ivan Krstic stole the show at one of the biggest security conferences in the world with an unexpected announcement.

“I wanna share some news with you,” Krstic said at the Black Hat conference, before announcing that Apple was finally launching a bug bounty program to reward friendly hackers who report bugs to the company.

The crowd erupted in enthusiastic applause. But almost a year later, the long-awaited program appears to be struggling to take off, with no public evidence that hackers have claimed any bug bounties.

The iPhone’s security is so tight that it’s hard to find any flaws at all, which leads to sky-high prices for bugs on the grey market. Researchers I spoke to are reluctant to report bugs both because they are so valuable and because reporting some bugs may actually prevent them from doing more research.
