iPhone Bugs Are Too Valuable To Report To Apple

An anonymous reader writes: Last year, Apple launched a long-awaited bug bounty program to reward friendly hackers who report flaws in the iPhone to the company. Despite inviting some of the best hackers in the world to join, it's a bit of a flop so far. The iPhone's security is so tight that it's hard to find any flaws at all, which leads to sky-high prices for bugs on the grey market. Researchers I spoke to are reluctant to report bugs both because they are so valuable and because reporting some bugs may actually prevent them from doing more research. "People can get more cash if they sell their bugs to others," said Nikias Bassen, a security researcher for the company Zimperium, and who joined Apple's program last year. "If you're just doing it for the money, you're not going to give [bugs] to Apple directly." Patrick Wardle, a former NSA hacker who now specializes in MacOS research and was invited to the Apple bug bounty program, agreed. He said that iOS bugs are "too valuable to report to Apple."

So just increase the bounty...

Apple's pockets are a little deeper than most.

They could surely increase the bounty to a point where no one could possibly compete with them.

Re:So just increase the bounty...

You are not right back where you started. You just said by raising the price unfixed bugs will become even rarer, which is the goal of a bug bounty program.

Re:Don't call them researchers

[Stan92057]

Wouldn't call them gray either, they are black-hats 100% why call them gray? What good have they done? the bug they found will be exploited criminally. Now lol if they sold the bug to a criminals then turn around and sell it to apple then i would tag them gray.