Google's Project Zero team won't be applying for Apple's SRD program

[InfoSec News <alerts () infosecnews org>]

https://www.zdnet.com/article/googles-project-zero-team-wont-be-applying-for-apples-srd-program/

By Catalin Cimpanu
Zero Day
ZDNet.com
July 22, 2020

Some of the biggest names in the iPhone vulnerability research field have 
announced plans today to skip Apple's new Security Research Device (SRD) 
program due to Apple's restrictive rules surrounding the vulnerability 
disclosure process that effectively muzzles security researchers.

The list includes Project Zero (Google's elite bug-hunting team), Will 
Strafach (CEO of mobile security company Guardian), ZecOps (mobile 
security firm who recently discovered a series of iOS attacks), and Axi0mX 
(iOS vulnerability researcher and the author of the Checkm8 iOS exploit).


WHAT IS THE APPLE SRD PROGRAM

The Security Research Device (SRD) program is unique among smartphone 
makers. Through the SRD program, Apple has promised to provide pre-sale 
iPhones to security researchers.

These iPhones are modified to have fewer restrictions and allow deeper 
access to the iOS operating system and the device's hardware, so security 
researchers can probe for bugs that they normally wouldn't be able to 
discover on standard iPhones where the phone's default security features 
prevent security tools from seeing deeper into the phone.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/