>Generally, white hat security researchers publicly reveal flaws like this only after informing the company and giving it ample time to fix the issues. But Henze is refusing to assist Apple because it doesn’t offer paid bug bounties<p>This is starting to look really bad for the infosec "community." Without rehashing all the old arguments around disclosure, and the sorta-recent arguments around bug bounties, we're now at the point where this doesn't not look like extortion.<p>"That's an awfully nice operating system you've got there. It'd be a shame if someone were to disclose a security flaw without giving you ample opportunity to fix it."