I’m reminded of a comment I saw on Reddit yesterday: not only can Apple be maddeningly slow at fixing security vulnerabilities after they’ve been reported, but it also doesn’t offer bounties for reporting them. You know, just the kind of thing that might motivate a hacker to contact Apple instead of downloading a copy of Jennifer Lawrence’s iCloud backup. (Or, more likely, just after downloading it, but that would still be progress.) I’m not so good at business, but I kinda feel that Apple could afford it. And, evidently, so do all the hackers who prefer to exploit a vulnerability rather than be, at best, graciously credited in the patch notes by one of the richest companies on Earth.
You can’t be lazy or complacent when it comes to security; you can’t be stingy, either.