Many tech companies rely on outside help, such as white hat hackers and independent developers, to report bugs to them, and they usually encourage this by offering a cash bounty for the bugs that are found. The amount varies with the severity of the bug, but the basic idea is that there is money to be made.
However, it seems that Apple isn’t paying bug hunters enough to keep them properly motivated. According to a report from Motherboard, the payouts from Apple’s bug bounty program are low enough that developers and hackers who discover iOS bugs would rather keep the details to themselves and sell them on the gray market instead.
Speaking to Motherboard, Nikias Bassen, a security researcher at Zimperium, said, “People can get more cash if they sell their bugs to others. If you’re just doing it for the money, you’re not going to give [bugs] to Apple directly.” Patrick Wardle, a former NSA hacker, agreed with Bassen’s statement and said that iOS bugs are “too valuable” to report to Apple.
Apple’s bug bounty program was announced last August at the Black Hat security conference. It marked the first time Apple had officially offered to reward hackers who report bugs to the company, but given these statements it seems the program may not be all it’s cracked up to be. Hopefully Apple will work on improving it.