Hacker News new | past | comments | ask | show | jobs | submit login

I'd like to see what what prevents double dipping, first report to unethical places, wait a bit, then report to Apple.



I think that's why the amount is so high. If you sell it for less to bad guys, someone else might find the same exploit (or a connected one) and swoop in and claim the big amount from Apple, and you lose out.


According to other comments here, the unethical places spread payment over a period of time; payment stops if it gets patched.


The longer you wait, the more likely it becomes that someone else figures it out too!


These unethical places would of course never consider reporting the bug to Apple to get a million dollar rebate on their purchase price... that would be unethical.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: