Bug bounty programs can be messy and create perverse incentives, says bug-hunting expert Katie Moussouris. Apple recently announced it would dramatically increase rewards it pays for certain kinds of vulnerabilities. The top reward now is $1 million for a remote, persistent iOS attack. The downside of high bug bounties is the potential to demoralize employees, she says. “There’s a logical limit above which the defense market cannot rise, or you will end up shanking your own hiring pipeline and creating these perverse incentives,” she adds.
Source: https://www.inforisktoday.com/blogs/apples-top-1-million-bug-bounty-too-much-p-2783