Our new Apple Security Research site makes it easier than ever for researchers to submit reports on the web, get real-time updates from Apple engineering, and earn recognition for helping to improve security for our users.
Apple also shared an update on some improvements to its Apple Security Bounty program.
First, we’re responding much more quickly. At times we received many more submissions than we anticipated, so we’ve grown our team and worked hard to be able to complete an initial evaluation of nearly every report we receive within two weeks, and most within six days.
Next, we’re making it easier for researchers to report issues and communicate with our teams. Our Apple Security Research site includes a new way to send us research on the web and get real-time status updates. Just sign in with your Apple ID and follow the prompts to send us a detailed report. You can then track the progress of your report and communicate securely with Apple engineers as we investigate.
Anytime there’s a change to the status of your report, it’s immediately reflected in the new tracker. If we have a specific update or need more information, you’ll also get an email notification. And if we make changes to the security of our devices or services based on your report, we’ll keep you up to date on the details, and let you decide how you’d like us to credit your work. We evaluate all eligible reports for Apple Security Bounty, and if your report receives a reward, we’ll notify you right away — both in the tracker and by email.
We’re also providing more transparency. Our site now includes detailed Apple Security Bounty information and evaluation criteria. Bounty categories include ranges and examples, so you can determine where you’d like to focus your research, and so you can anticipate whether your report qualifies for a particular reward. We’ve provided ranges for submissions that impact Apple services and infrastructure, as well as our products.
Starting today through November 30, 2022, we’re also accepting applications for the 2023 Apple Security Research Device Program. This program features an iPhone exclusively dedicated to security research, and can help you get started, go deeper, or improve the efficiency of your research work with iOS.
Check out the new site at the link below...