Later this week, at the Black Hat security conference in Las Vegas, Apple is to announce plans to give security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone.
The iPhones, which will essentially be “dev devices” will be given to the rock star hackers that participate in the Cupertino company’s invitation-only bug bounty program, where participants disclose bugs in Apple products in return for monetary rewards. The payments can go as high as $200,000, as announced at the 2016 Black Hat conference.
This is a great move by Apple. It is important for companies, especially those dealing with mounds of sensitive personal data, to have a public-facing way to report bugs and vulnerabilities. As a society, we must agree and mandate that anyone providing a digital product or service must have a proper way of receiving bug reports and fixing the problems. We owe this to each other. Society has figured out hospital hygiene and airline safety, to name just two areas, and similarly we need to jointly and resolutely figure out personal device security. Even if millions of people find nothing to report, and thousands may report something that isn\’t really a bug, it still is worth it when just one person finds something.