http://www.cnet.com/videos/apple-to-pay-up-to-200000-for-bugs/
The practice of ‘Bug Bounties’ are popular. I have always been a strong advocate of the practice. Lots of highly motivated, creative, and technically talented people looking for vulnerabilities is much more powerful than a handful of internal testers and developers trying to do the same. Apple has been a late comer to this game. Many other companies have looked to the greater security research and hacker community through bug bounty programs of their own.
The game has changed! Apple announced this week at the Black Hat #cybersecurity conference that the company would begin a program to compensate external researchers who follow their process and disclose security vulnerabilities in Apple products. The rewards will be a tiered structure, with $200k as the top payment for boot and firmware components.
Ivan Krstic, head of Apple Security Engineering and Architecture state “We believe these payment amounts are commensurate with the level of difficulty in attacking some of these systems”