Corellium, an iOS virtualization firm, has announced a new initiative meant to foster independent security research — and the first project is inspired by Apple’s CSAM scanning project.
The so-called Corellium Open Security Initiative will grant both monetary awards and access to the firm’s iOS virtualization platform to qualifying submissions. As mentioned, the first phase of the initiative will be focused on validating vendor security or privacy claims. Corellium suggests that the first phase of the initiative was inspired by Apple.
Apple has previously encouraged third-party researchers to corroborate its claims of privacy and security features in its CSAM scanning system. Corellium says that any single flaw in the system could subvert it as a whole, treating the privacy and security expectations of iPhone users.
“We applaud Apple’s commitment to holding itself accountable by third-party researchers. We believe our platform is uniquely capable of supporting researchers in that effort,” Corellium wrote, stating that its hypervisor technology doesn’t rely on exploits and allows for dynamic security analysis after iOS updates are fielded.
Corellium says it hopes other companies will “follow Apple’s example in promoting independent verification of security and privacy claims.”
In the first art of the initiative, Corellium will award up to three submissions a $5,000 grant and free access to its iOS virtualization platform for one year. Applications for the program are open to anyone with a specific research project they want to tackle. Although having a history of security research is “helpful,” Corellium says it isn’t required.
The firm says it’ll select applicants based on several criteria, including whether the proposal will result in improved mobile security or privacy, the technical merits of the research, and the likelihood that the project will actually be completed. The deadline for submissions is Oct. 15, 2021.
Earlier in August, Apple settled its copyright infringement lawsuit against Corellium. Although the settlement was confirmed by court records, details of the agreement were kept confidential.