Apple calls for faster response to security bugs and launches a dedicated site

Apple’s security research device (source: Apple)

AppleInsider may earn an affiliate commission on purchases made through links on our site.

Apple has launched a new security research website and in its initial postings says it makes it easier to report issues and has already awarded nearly $20 million in bounties.

Now, the new site aims to make it easier to find where to report serious bugs, and able-bodied security consultants can also gain access to a “specially fused iPhone” to help with the search.

“The Security Research Device (SRD) is a specially fused iPhone that allows you to perform iOS security research without having to bypass its security features,” says a blog post on the new site. “Shell access is available and you can run any tool, choose your own rights, and even customize the kernel.”

“Using SRD allows you to confidently report all of your discoveries to Apple without risking losing access to the internal layers of iOS security,” he continues. “In addition, any vulnerabilities you discover with the SRD are automatically considered for Apple Security Bounty.”

Apple also says it’s “incredibly proud to have awarded researchers nearly $20 million in total payouts” since the bounty program began. These payouts include “20 separate rewards over $100,000” and Apple states that “to our knowledge, this makes Apple Security Bounty the fastest growing bounty program in industry history.” .

Along with the growing number of bounty payments, Apple says it’s working to process reports of security issues much faster.

“Sometimes we’ve received many more submissions than expected,” the company explains, “so we’ve grown our team and worked hard to be able to complete an initial assessment of nearly every report we receive within two weeks, and the most within six days.”

Apple is accept applications for the Security Research Device by November 30, 2022. Only a limited number of devices will be made available each year, and in addition to the strict requirements for applicants, there are conditions for their use.

Amanda J. Marsh