The company said that if researchers found a vulnerability through using the SRD, it must report it to Apple or an appropriate third party if it’s in a third-party code. Apple will then attempt to resolve the issue, and provide a “publication date” when it will take place. Until then, the researchers can’t share their findings with others. Techcrunch also reported that program participants will have access to extensive documentation and a dedicated forum with Apple engineers. 

Device availability is limited, and researchers need to apply to be in the program. They must be an Account Holder in the Apple Developer Program, a proven track record of finding security issues, and be based in an eligible country or region. 

The SRD program will run concurrently with its bug bounty program, which was opened up to all researchers last year. Participants can file security bug reports and potentially get paid up to $1 million in rewards.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.



Read More