Apple Lossless Audio CODEC (ALAC), initiated last year a program through which it pays for the vulnerabilities discovered by various computer security researchers in the iOS and macOS operating systems. Apple called some computer security researchers in Cupertino to present this program to them, but it seems that it failed to convince them to help it secure its operating systems.
Apple has promised computer security researchers up to 200.000 dollars for the discovery of critical exploits of the operating systems, but the amount is very small. For what Apple pays 200.000 dollars, other companies specialized in computer security pay up to 5 times more money.
Under these conditions, the IT security experts explained that they will not sell the vulnerabilities to those from Apple until they pay the correct amounts for them. Moreover, the researchers claim that if they reported those vulnerabilities to Apple, they would no longer be able to do research to discover other vulnerabilities in the operating system of iOS or macOS.
8 of the computer security researchers who were called by Apple to present the program confirmed that they did not send any vulnerability to the Apple company. In the end, it is hard to say how Apple imagines that it could collect vulnerabilities from these researchers, but the Americans still hope.
"People can get more cash if they sell their bugs to others. If you're just doing it for the money, you're not going to give [bugs] to Apple directly."
