Then Apple needs to make it worth their while. While there is an ethical component to not using the detected vulnerabilities, if Apple doesn't have enough staff to comb through bugs and is too cheap to hire more people, then they should more handsomely reward bug hunters. At the same time, I wonder whether this might have a reverse effect where an Apple employee might tactically insert a vulnerability. In this way, they could sell knowledge of the vulnerability to the highest bidder who then reports this to Apple via the official bounty program...