The Apple Security Research Device program launched today. It aims to provide researchers with special iPhones that have code execution and containment policies.
Apple Security Research Devices Program
The Security Research Device (SRD) will have shell access available to run all tools and rights. The devices remain the property of Apple but can be rented on a 12-month basis. Here are the program restrictions:
- If you use the SRD to find, test, validate, verify, or confirm a vulnerability, you should promptly report it to Apple and, if the bug is in third-party code, to the appropriate third party. If you haven’t used the SRD for any aspect of your work with a vulnerability, Apple strongly encourages you to report the vulnerability (and rewards this through the Apple security bonus), but you are not required to do so.
- If you report a vulnerability in Apple products, Apple will provide you with a release date (usually the date that Apple releases the update to resolve the issue). Apple will work in good faith to resolve each vulnerability as soon as possible. Until the publication date, you may not discuss the vulnerability with others.
Applicants should also meet requirements such as having a proven track record of researching security issues and being an Apple Developer member.