Apple today introduced Apple Security Research, a new website dedicated to improving how security researchers report problems to Apple. The site offers tools to send Apple security reports, get real-time status updates, and communicate with Apple engineers.
In addition to housing information on the Apple Security Bounty Program, the website features a blog that will allow Apple engineering teams to share the latest advances in Apple security. The first post covers XNU memory security.
Apple today also shared progress with the Apple Security Bounty Program. Over the past two and a half years, Apple has paid out nearly $20 million to researchers. The average payout in the product category is about $40,000, and Apple has made 20 separate awards of more than $100,000 for high-impact issues.
Apple says it’s now responding to issues faster than ever, and has launched a new website to make it easier to report issues and communicate with Apple’s teams. All bug report status changes are reflected in a new tracker available on the website, making it easier for Apple to gather more information about bugs.
Transparency has also been improved, with the site offering detailed Apple security bounty information and evaluation criteria so that researchers have a better idea of what the reward will be.
Today through November 30, 2022, Apple is accepting applications for the 2023 Apple Security Research Device Program, which provides eligible individuals with an iPhone specifically designed to make bug detection easier.