I pin the responsibility on Apple. They created a bounty system which incentivized people to build their livelihoods around finding these issues. They subsequently decided they wouldn't pay out those incentives essentially at random. If putting food on the table means getting paid for vulnerabilities, it's only rational to sell your work to whoever else is going to pay for it. Apple _created this market_ (and, you might argue, put the vulnerability into production). The only bad look here is Apple, imo.
