This is definitely a step in the right direction. They say they're worried that their bounties won't be enough to dissuade anyone only interested in money from disclosing vulnerabilities to malicious sources. Honestly I think that a lot of people who discover these vulnerabilities would rather be paid slightly less money by disclosing to Apple and have the rep/CV fodder of "I broke Apple" that comes with a responsible public disclosure, than going through secret channels to make slightly more money at the risk of potential legal trouble.
And anyways, 200 grand is an astoundingly high ceiling for bug bounties; highest I've ever seen paid out was a "meager" 20k by Uber, and I thought that was a lot of money for a bug program at the time.
And anyways, 200 grand is an astoundingly high ceiling for bug bounties; highest I've ever seen paid out was a "meager" 20k by Uber, and I thought that was a lot of money for a bug program at the time.