Following the news that the teenager who reported Apple’s FaceTime bug is to be paid by Apple for his discovery, Jake Moore, Cyber Security Expert at ESET, comments below.
Jake Moore, Cyber Security Expert at ESET:
“Bug bounty hunting is a fantastic way to encourage ethical hackers to quietly highlight bugs to the creators of the software. The amount of money saved by companies can largely outweigh the fines issued or reputational damage suffered after data breaches, so this sort of financial encouragement is a win-win for all. However, if some companies do not offer such bug bounties, they are less likely to be contacted when a flaw is uncovered and therefore more likely to see it delivered into the wrong hands and unpatched for longer.
Ethical hackers employed by these sorts of huge corporations are still likely to miss vulnerabilities from time to time, so opening up rewards to anyone not affiliated with the company is a great way of upping the security of the applications.”