by dpkonofa 1708 days ago
>Apple in general has a poor track record of paying out bug bounties

What is this based on? My understanding is that Apple pays out 99% of the reported bug bounties and that's only because they include multiple submissions in the totals but not in the payouts (they only pay out the first discovery or root discovery).

https://habr.com/en/post/579714/

thunderspy.io/

Those are my favorite recent examples, but specifically Apple has huge issues with turnaround time. They also don't communicate with or assist the researchers who found these exploits either, which makes things particularly frustrating for people who ultimately both want to secure Apple's systems. Their overt hostility, history of poor communication, and frankly pathetic bug bounties are all contributors to how people perceive Apple's relationship with security experts.

You just posted the article that this whole thread is based on. You just posted the author's post instead of the blog's rewrite of it.

This makes it seem like this is a recurring problem yet there are only a handful of complaints.