> Apple frequently stiffs people on the security bounty.

Having seen the receiving end of a bounty program of a relatively small SaaS business it's shocking to see how many people are abusing such a program with irrelevant or plain false 'vulnerabilities' and keep begging for a bounty (even when it's clearly stated it's impossible to send money to their countries). I can't imagine how many filters Apple has to employ to just get rid of the noise and get something of value from such a program.