
Security researchers play a vital role in maintaining online safety. Recently, Renwa, a security expert, uncovered critical vulnerabilities within Apple’s Safari browser and Sequoia OS. Despite reporting a serious bug with a CVSS score of 9.8, they received a mere $1,000 for their efforts.
This meager compensation led Renwa to tweet:
“I should quit this bug bounty thing and get a real job.”
Their frustration highlights a stark contrast with the rewards offered for other vulnerabilities by competing firms like Google, which recently awarded $1,000 for less critical issues. Given the severity of the reported bug, many believe a more substantial bounty would be appropriate, especially considering Apple’s policy of rewarding up to $1 million for significant security flaws.
As the conversation evolves, it’s becoming increasingly clear that the tech industry needs to reconsider how it compensates those who keep user data safe.