I'm not familiar with the market but these seem low when you consider:<p>- The effort required to find them<p>- The damage that can be inflicted on Apple in terms of brand goodwill and the subsequent loss of sales, e.g. The SEP implications for ApplePay<p>- The damage that can be inflicted on users and 3rd parties, e.g. imagine the amount of cash banks would be on the hook for if someone managed to say write a worm that used iMessage/SMS to propagate without user knowledge (e.g. with the recent TIFF vulnerability), and transfer funds from the user's bank account? Or made calls to the baseband to dial shady $10/minute premium rate numbers in some banana republic at 3AM every night?<p>- The amount of money TLAs and black market actors allegedly pay per the TC article.<p>- How much money Apple actually has, especially all the offshore cash that can't be repatriated to the US without incurring exorbitant capital gains. These bug bounties could be be remitted from any Apple subsidiary.<p>- Large bug bounties would de facto end jailbreaking<p>- Knowing Apple there would be endless NDAs and restrictive covenants before any payout is made.<p>IMO with all this considered the max payouts seem irrationally paltry.