by IBM 3605 days ago
The Reuters report has some details about why they limited it:

>Apple said it decided to limit the scope of the program at the advice of other companies that have previously launched bounty programs.

>Those companies said that if they were to do it again, they would start by inviting a small list of researchers to join, then gradually open it up over time, according to Apple.

>Security analyst Rich Mogull said that limiting participation would save Apple from dealing with a deluge of "low-value" bug reports.

>"Fully open programs can definitely take a lot of resources to manage," he said.

http://www.reuters.com/article/us-cyber-blackhat-apple-idUSK...

2 comments

True, but it's not like Apple doesn't have the resources to manage an open submission program.
They may have financial resources but I doubt their security engineers would want to deal with the deluge.
It's not about throwing money or people at a problem, it's the overhead that lowers its efficiency and agility.
Maybe they want to invest cautiously. Seems smart to me.
Then it seems like a job to me; if it is, then they should pay a salary.
If it was a salaried job you would have to sign a Non-Disclosure, assign all intellectual property rights to Apple, ensure that you have good work attendance, be responsive to what your manager tells you to do, etc, etc...

I'm sure there are a lot of security researchers who would like to dabble in dozens of companies' products, without being told what they had to do every day, yet still be compensated.