The Reuters report has some details about why they limited it:
>Apple said it decided to limit the scope of the program at the advice of other companies that have previously launched bounty programs.
Those companies said that if they were to do it again, they would start by inviting a small list of researchers to join, then gradually open it up over time, according to Apple.
Security analyst Rich Mogull said that limiting participation would save Apple from dealing with a deluge of "low-value" bug reports.
"Fully open programs can definitely take a lot of resources to manage," he said.
If it was a salaried job you would have to sign a Non-Disclosure, assign all intellectual property rights to Apple, ensure that you have good work attendance, be responsive to what your manager tells you to do, etc, etc...
I'm sure there are a lot of security researchers who would like to dabble in dozens of companies products, without being told what they had to do every day, yet still be compensated.
>Apple said it decided to limit the scope of the program at the advice of other companies that have previously launched bounty programs.
Those companies said that if they were to do it again, they would start by inviting a small list of researchers to join, then gradually open it up over time, according to Apple.
Security analyst Rich Mogull said that limiting participation would save Apple from dealing with a deluge of "low-value" bug reports.
"Fully open programs can definitely take a lot of resources to manage," he said.
http://www.reuters.com/article/us-cyber-blackhat-apple-idUSK...