Let's keep this going
Sign up today to receive our daily news briefs featuring a handful of the most important stories in business, tech, and life. Weekdays at 9am Pacific

TERMS & PRIVACY POLICY
EMAILED ON February 11, 2019 BY Conor Grant

Apple’s payout to a 14-year-old proves we can all be ‘bug bounty hunters’

Last week, Apple decided to pay out a reward (of an undisclosed value) to the 14-year-old who discovered a major security flaw in FaceTime.

For years, tech companies like Apple and Google have paid programmers for catching software glitches as part of their “bug bounty” programs. But Apple’s move shows that bug bounties aren’t just for world-class security researchers any more.

Everyone is a bounty hunter now

Grant Thompson isn’t a world class programmer: He’s a student at Catalina Foothills High School.

But when he discovered that Apple’s new FaceTime update enabled users to eavesdrop on their friends, he decided to report the problem to Apple.

In the past, Apple ran a program that offered up to $200k to “security researchers” who discovered and reported vulnerabilities. But now, Apple has decided that even amateur bug hunters like Grant should be entitled to compensation.

Two ways to tackle cybersecurity

Large tech companies are looking for new ways to deal with increasingly complex cyberfraud. One solution is to hire huge cybersecurity companies to tackle cybercrime from the top: Spending on top-down information security is expected to hit $124B this year.

But companies are also taking on cybercrime from the bottom up by offering bounties to individuals who point out problems. Google, for instance, paid out $3.4m just last year to bug-hunters.

Since cybercrime isn’t going anywhere, bug bounty-hunting is likely to increase — and more high-schoolers will probably be doing the bug-squashing.

Get news (like this) delivered by email every morning