Last week, Apple decided to pay out a reward (of an undisclosed value) to the 14-year-old who discovered a major security flaw in FaceTime.
For years, tech companies like Apple and Google have paid programmers for catching software glitches as part of their “bug bounty” programs. But Apple’s move shows that bug bounties aren’t just for world-class security researchers any more.
Everyone is a bounty hunter now
Grant Thompson isn’t a world-class programmer: He’s a student at Catalina Foothills High School.
But when he discovered that Apple’s new FaceTime update enabled users to eavesdrop on their friends, he decided to report the problem to Apple.
In the past, Apple ran a program that offered up to $200k to “security researchers” who discovered and reported vulnerabilities. But now, Apple has decided that even amateur bug hunters like Grant should be entitled to compensation.
Two ways to tackle cybersecurity
Large tech companies are looking for new ways to deal with increasingly complex cyberfraud. One solution is to hire huge cybersecurity companies to tackle cybercrime from the top: Spending on top-down information security is expected to hit $124B this year.
But companies are also taking on cybercrime from the bottom up by offering bounties to individuals who point out problems. Google, for instance, paid out $3.4m just last year to bug hunters.
Since cybercrime isn’t going anywhere, bug bounty-hunting is likely to increase — and more high-schoolers will probably be doing the bug-squashing.