Five bag $300,000 in bug bounties after finding 55 security holes in Apple's web apps, IT infrastructure

Dave 126 Silver badge

This story makes a good counterpart to the Reg article:

'Want to set up a successful bug bounty? Make sure you write it for the flaw finders and not the lawyers' - https://www.theregister.com/2020/10/08/cisa_bug_bounty_panel/

This team started their search for vulnerabilities in Apple's systems without reading any detailed bug bounty documents from Apple - they'd just followed the story of a previous hacker who was awarded $100,000 by Apple, and thought they'd give it a go in good faith. They also noted that it started as a side project for them, but Covid lockdown left them with a lot more time on their hands. Their write-up (linked in this Reg article) is well worth a read (or at least a skim, it's detailed!), and it was published with the blessing of Apple's security team.
