Apple refused to pay bounty to Kaspersky for uncovering vulnerability

For context (that of course is buried far from the title), Kaspersky is a Russian company and Apple, being an American one, is subject to the embargo and sanction list of the USA:<p>&gt; While Kaspersky is a multi-national company, it was founded and headquartered in Russia, a country the United States has heavily sanctioned due to the war in Ukraine. This could severely restrict financial transactions between U.S. companies and those in the region.<p>&gt; Additionally, per Apple Security Bounty’s terms and conditions, “Apple Security Bounty awards may not be paid to you if you are in any U.S. embargoed countries or on the U.S. Treasury Department’s list of Specially Designated Nationals, the U.S. Department of Commerce Denied Person’s List or Entity List, or any other restricted party lists.”

Title is misleading&#x2F;clickbait.<p>Should be “Apple cannot legally pay bounty to Russian company due to sanctions.”

I&#x27;ve always felt sorry for Kaspersky. The leadership seems to have put together a company that&#x27;s about as ethical, in culture and in the general sweep of its actions, as you can ever find in the industry. Their products tend to be in the upper tier in terms of delivering what they promise. They try to behave like &quot;good citizens&quot;.<p>But the company constantly gets squeezed between trying to fight obnoxious demands from the Russian government (including, I suspect, by not expanding into businesses where those demands would be un-resistable), and trying to fight suspicion from everybody else.

Trade sanctions rarely achieve their stated aim, but that doesn’t mean they aren’t the law.

Can’t Apple pay the bounty through a third country to avoid the embargo like the way that Shell and BP sell Russian oil to US companies?

Apple just ensured that Kaspersky won’t report the next vulnerability they unearth.

Apple loves money, it’s why they changed the airdrop policy for China to knee-cap protesters from using sneaker net.

Talk about burying the lede

Does Kaspersky care at all about the monetary aspect of the bounty? I think they are ethically bound and probably already know they will not get paid.

Don&#x27;t look for payouts in bug bounties. It&#x27;s not a fair deal and you will always be taken advantage of.

Good job Apple!

Is 9to5mac another one of Vladimir&#x27;s puppets now? Quite the pro-Russian headline there.

Better sell next time

Apple’s excuse is poppycock. 10s of thousands of developers in the US use Jetbrains products in the US and pay for them routinely with their debit cards on subscription. Jetbrains is located in St Petersburg.<p>They should be sued, and also given that such sophisticated attacks are usually the domain of state sponsors, if they dont pay they can be assured that the next one wont be reported to them.<p>..or maybe thats the plan.

Strange how it&#x27;s a subject for discussion. It&#x27;s like during WWII consider paying to operator of gas chamber in Aushwitz.