Last week, the hacker Ian Beer, one of the best online security researchers in the world, criticized the rewards program for reporting flaws in Apple's systems and challenged the company's CEO, Tim Cook, to donate $2.45 million to charity, the amount he would have received if he were part of Apple's rewards program, as reported by Threatpost.
Beer is currently a member of Google's Project Zero team, which has already contributed to identifying security vulnerabilities in software from Apple and other companies. Through this program, security researchers find the problem, pass the information on to the affected companies and allow 90 days for the flaws to be corrected before they are publicly disclosed, forcing companies to fix their bugs.
Among his criticisms, Beer said that Apple, despite fixing the flaws in iOS, does not fix the underlying causes in the system that contribute to the vulnerabilities. In addition, he shared his impressions of Apple's bug bounty program, created two years ago. According to Beer, part of Apple's explanation to the research community was that all flaws would be taken seriously and that Apple would consider an amount (up to $200,000 per vulnerability) that, instead of being paid to hackers, would be donated to charities chosen by the researcher.
I don't think Apple intended to use the bug rewards program as a public relations tool, but obviously, that has given them good publicity. These supposedly high prices are often cited and used as that comfort blanket that you can wrap yourself in.
Beer decided to take the discussion to his Twitter page, where he directly addressed Apple's CEO, asking to be invited to the bug bounty program and for the amount corresponding to all the flaws he has discovered in Apple systems to then be donated to the NGO Amnesty International, which defends human rights.
Hi @tim_cook, I've been working for years to help make iOS more secure. Here's a list of all the bugs I reported which qualified for your bug bounty since its launch, could you invite me to the program so we can donate this money to @amnesty? pic.twitter/VUKj7BaJ4P
– Ian Beer (@i41nbeer) August 8, 2018
The hacker then said that he would love to have the chance to sit down with Cook to discuss how to make iOS even safer for all users. So far, Apple's CEO has not responded to the comments.