[tptacek]

Exactly, which is why intangible costs will tend to be overpriced compared to risks with low cost ceilings, like "paying out an extra bounty".

[dullcrisp]

I think both the point you’re making and the idea you’re arguing against ascribe a level of agency and rationality to large organizations that doesn’t reflect their reality. In that way they’re both “not even wrong.”

But then I can see your point to a degree at least.

[tptacek]

I want to say again that I'm not making this point by way of a first-principles derivation of what's going on. I know for a fact that the norm in large bounty programs is to incentivize payouts. I don't know that for sure about Apple's program, but it seems extraordinarily unlikely that they depart from this norm, given the care and ceremony with which they rolled this out (much later than other big tech firms).

None of this is to say that the program is managed perfectly, as has been pointed out elsewhere on the thread. I'm not qualified to have a take on that question.

[nojs]

The bounty cost is not relevant for the company, but what about admitting liability?

[tptacek]

Not a real concern.

[nojs]

Could you explain this in more detail?

[saagarjha]

The cost here is Apple changing their processes which is exceptionally painful for them

[tptacek]

What processes would those be, and do you have actual knowledge of them?

[saagarjha]

The processes that involve interacting with external parties, which has long been something Apple has been really bad at.