At this point I can accept no excuse or justification from Apple for why it isn’t paying best in class bounties.
Slow to scale excuses arguments? Ridiculous.
Smaller than industry rewards? It’s literally a marketplace of exploits. Not every hacker is a white hat. Some are beyond US Justice, others it takes years to catch. When Apple isn’t the first stop for exploits, in such cases the damage is done by the door once the holes are closed and the crooks caught.
For God’s sake, people have literally died and been hacked into pieces because of unpatched Apple bugs.
And in the meantime Apple wants us to put our medical histories and identification in our devices…
Yes we can blame NSO and FSB etc, but they are finding what is already there. There is no reason Apple couldn’t find most of it first if it doubled down on this.
Apple is the richest company in the history of humanity. There is no traditional business barrier to Apple doing what it needs to here.
Not able to run a robust bug discovery program that draws the best and most submissions (and conversely staffing internally to handle these)? Apple is fully able.
There is no reason that the above can’t be solved. And at this point it is only because of perceptual and cultural lag, possible arrogance, clear lack of CEO priority, and definite CFO cheapskatedness.
I might add it’s pretty glaring that attention and resources are lacking here even as Apple instead builds proof of concept golden keys inviting state coercion to expand their CSAM intrusion into other areas…