Apple offers $200,000 to bug hunters
But Apple's bug bounty scheme is strictly 'by invitation' only
Apple has become the latest company to set up a bug bounty scheme in a bid to persuade hackers and security specialists to come forward with information about security flaws, rather than sell them to the highest bidder.
Ivan Krstic, Apple's head of security engineering and architecture, announced Apple's scheme at this week's Black Hat security event in Las Vegas, Nevada, and revealed that Apple will pay out as much as $200,000 for flaws found in its secure-boot firmware, for example.
There has been money to be made from picking apart Apple's iOS operating system for a while, just not from Apple. Instead, the bounties have been offered by third parties, including Zerodium, which paid a $1m iOS 9 bug bounty in 2015.
In addition, national governments, including that of the US, have been crawling all over Apple's ecosystem in a bid to find ways to crack the devices.
Apple's move ought to create a better relationship between the company and the hacking community, as well as help the company to stay one step ahead of potential attackers, particularly well-financed, state-sponsored ones.
"We've had great help from researchers like you in improving iOS security all along. Feedback that we've heard pretty consistently from my team at Apple and from researchers directly is that it's getting increasingly difficult to find some of those most critical security vulnerabilities," Wired quoted Krstic as saying.
"So the Apple Security Bounty Programme is going to reward researchers who share critical vulnerabilities with Apple...
"We go to tremendous lengths when it comes to engineering these security systems that provide trust in how we protect user data," Krstic added as he flashed some of that Apple cabbage at the hacking community.
"We're fortunate that we've earned trust from our customers, but we realise that that's something we have to keep earning," he said.