@ryanaraine @codinghorror but to be clear, you don't NEED high value bug bounties to find security holes #justsayin

@ryanaraine Same bugs can be found by good hackers, who choose the bounty. In any case, they push the black market price up.

. @ryanaraine Is there anything to stop someone from both selling the exploit AND claiming the bounty?

@ryanaraine @csoghoian How are these paid for? Bitcoin?

@ryanaraine They can never compete, but they can provide enough to nudge fence-sitters to do the right thing w/ their zero-day bugs.

@ryanaraine @siracusa We are in the realm of morality and greed.

@ryanaraine @siracusa article I read says the bounties are easier to get. Presumably because you're selling to an expert client (Apple)

@ryanaraine @siracusa how is that not illegal

@ryanaraine pretty ill-informed thing to say. big difference between bug bounties and selling vulnerabilities, not directly comparable.

@ryanaraine @siracusa of course they can. Apple has hundred of billions in cash at hand. It is simply not their priority to compete.