
Not a great look when many responses are "if the provider won't protect people, then the researcher should contemplate hurting people".



I pin the responsibility on Apple. They created a bounty system which incentivized people to build their livelihoods around finding these issues. They subsequently decided they wouldn't pay out those incentives essentially at random. If putting food on the table means getting paid for vulnerabilities, it's only rational to sell your work to whoever else is going to pay for it. Apple _created this market_ (and, you might argue, put the vulnerability into production). The only bad look here is Apple, imo.


No, this is simply cause and effect. I wager a number of security researchers don’t find any moral issue with selling exploits, but prefer to be paid a bounty by the big corp due to ease and cachet. If that’s no longer tenable, they will hold up their middle fingers and just keep doing what they do. You can tell them they’re acting immorally all day long, but you will only be wasting your breath.


It is a great look! We are forward-thinking people that realize security happens when companies have healthy bug bounty programs.


We live in a capitalist society that the companies at the very top absolutely love to exploit. They also love to exploit "but think of the <patients>,<the people>,<the children>" and so on.

Fuck you, pay me applies.


By this logic, you're not even pretending you're better than this. You're not angry at Apple because they love to exploit, you're angry at them because you're not powerful enough to exploit others too.

Do you agree with this statement? If not, I think there's a contradiction. You are morally obliged to do the right thing even if there are entities who don't.



