
I wonder if they are backfilling rewards to any of the external researchers who have been doing all of Apple's security research for the last decade. Just as an example, a single researcher from Google is credited with 11 separate vulnerabilities that would qualify for the $50k reward, in a single patchlevel of OS X (and the same person had five such credits in the patchlevel prior to that!). That's almost a million bucks worth of rewards in only half a year of disclosures.



I don't think it would make economical sense for Apple to pay for something that they already got for free.


Sure, but it would be a gesture of goodwill and a way of making amends for years of freeloading.


That guy did 10 more after the first freebie. Could it be that something else was motivating him?


I believe the researcher in question works for project 0.


Among the many reasons this is very unlikely to happen, the bounty values we see now account for the increased difficulty of finding these kinds of vulnerabilities in iOS since its earliest releases. This is an OS that was designed as a platform for secure applications --- that's part of the premise of apps on the Apple phone --- and it's gotten much harder to find and exploit vulnerabilities on the platform since that release.



