Apple Introduces $2M Bug Bounty for Spyware-Level Exploits

[bmark]

You are moving the goalposts. You wrote: "We don't even know if anyone receives the bounty."

By spending 10 seconds doing a web search and copying a link, I provided evidence that at least one person has received a bounty (unless that person and Apple are lying). That evidence showed people have received a bounty. Apple said, "multiple individual reports earning $500,000 rewards". So unless you have evidence that Apple is lying, how about you stop trying to unfairly stick it to Apple just because you don't like them for whatever reason?

Microsoft has a bounty program as well. You going to stick up for them too?

 

[maxoakland]

Apple would have a clause in this program for exploits already found but not yet published fixes for—obviously they wouldn't advertise these to anyone. If I was to bet I'd say this is what happened that guy but he couldn't accept it—found an unfixed exploit and reported it and Apple told him they had already found it. I don't see what Apple would have to gain, unless they had a rouge employee. You would imagine if they did they would have pressed charges.

You’re giving way too much benefit of the doubt to Apple. They’ve repeatedly had this issue. Several times they gave people a small amount that reflected the bug hadn’t been found before but they decided it was worth less money than it should’ve been

This is an example of Apple being greedy and shortsighted, which they have demonstrated multiple times in multiple areas (See their treatment of App Store devs, 8GB of RAM in 2023, etc).

Because of this repeated behavior, we should assume Apple is being greedy and shortsighted unless proven otherwise. It’s their institutional temperament

 

[Mac Fly (film)]

You’re giving way too much benefit of the doubt to Apple. They’ve repeatedly had this issue. Several times they gave people a small amount that reflected the bug hadn’t been found before but they decided it was worth less money than it should’ve been

This is an example of Apple being greedy and shortsighted, which they have demonstrated multiple times in multiple areas (See their treatment of App Store devs, 8GB of RAM in 2023, etc).

Because of this repeated behavior, we should assume Apple is being greedy and shortsighted unless proven otherwise. It’s their institutional temperament

You don't need to convince me Apple are greedy. I am well aware they are. This isn't greed though, it would be a form of fraud and for that Apple would have little to gain. I have to admit I hadn't been following this story however.

 

[maxoakland]

You don't need to convince me Apple are greedy. I am well aware they are. This isn't greed though, it would be a form of fraud and for that Apple would have little to gain. I have to admit I hadn't been following this story however.

I've been following it and I don't think claims of fraud would deter them because Apple has to much power, they can get away with almost anything

 

[Shirasaki]

This is a great program and these updates make it much more enticing to people to find exploits. It's good to see Apple's focus on improving security.

Assuming Apple actually pays those people the promised amount and the system actually can outbid the black market, which I am in serious doubt.

 

[Shirasaki]

You’re giving way too much benefit of the doubt to Apple. They’ve repeatedly had this issue. Several times they gave people a small amount that reflected the bug hadn’t been found before but they decided it was worth less money than it should’ve been

This is an example of Apple being greedy and shortsighted, which they have demonstrated multiple times in multiple areas (See their treatment of App Store devs, 8GB of RAM in 2023, etc).

Because of this repeated behavior, we should assume Apple is being greedy and shortsighted unless proven otherwise. It’s their institutional temperament

This is what I think too. Apple being Apple, encompassed by eternal greed way beyond normal obligations as corporations for profit, will pay as little as possible they can get away with while profiting from the hard work performed by arguably some of the most talented IT specialists in the world. This will not bode well for Apple and all the otherwise fixable critical security bugs would continue to be sold in the dark web and black market for much higher price, and guaranteed payment for those people found those bugs. Between a market that you can get higher payment with more guarantee and Apple who in a whim can declare your contribution is worthless, I don’t think this is a hard choice to make. I can’t wait Apple scramble to patch another exploited critical security vulnerability sometime down the line.

 

[maxoakland]

This is what I think too. Apple being Apple, encompassed by eternal greed way beyond normal obligations as corporations for profit, will pay as little as possible they can get away with while profiting from the hard work performed by arguably some of the most talented IT specialists in the world.

It's short sighted too because the money they'd pay is a fraction of their income and would either save them or their users money in the future. This is exactly the kind of leadership a tech company shouldn't have because it makes things worse for all of us

 

[max2]

What happens if the person who found the bug does not want any amount of money for it?