siculars | 4 years ago

Apple should be paying enough money that that issue is not a consideration. If I’m Apple (or anyone else for that matter) I’m paying absolute top dollar times two to resolve these issues. And I’m not even thinking twice about it.

paulmd|4 years ago

That is, unfortunately, not at all how the bug-bounty market works. Apple (or any other tech company) can't outbid three-letter agencies, certainly not on a regular basis. Open market value is at least 10x higher than companies will pay directly.

Apple will pay a million bucks? Fine, NSA TAO will pay $10m. Apple can't pay $10m or $100m a bug on a regular basis; for the customers to whom this matters, the check is basically blank, as much as it takes.

bjt|4 years ago

How does one contact the NSA TAO and offer to sell a zero-day?