>If you report a vulnerability affecting Apple products, Apple will provide you ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

shantara on July 22, 2020 | parent | context | favorite | on: Apple Security Research Device Program

>If you report a vulnerability affecting Apple products, Apple will provide you with a publication date... Until the publication date, you cannot discuss the vulnerability with others.

In addition to the mandatory bug reporting, Apple reserve a right to dictate the researchers a mandatory publication date. No more 90/180 days responsible disclosure deadline policy. I highly doubt any serious researcher would agree to work with such conditions.

saagarjha on July 22, 2020 [–]

Would be interesting to see if Google Project Zero joins the program, given their inflexibility in disclosure.

bobviolier on July 22, 2020 | | [–]

Looks like they won't https://twitter.com/benhawkes/status/1286021329246801921?s=1...

shantara on July 22, 2020 | | [–]

That's what I've been thinking about as well. I'm leaning towards "no", but let's wait and see.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact