- Kaspersky uncovered iOS vulnerabilities in ‘Operation Triangulation’, reported to Apple, but was refused bounty payment
- Apple’s Security Bounty Program offers rewards up to $1 million for discovering vulnerabilities to prevent them from being sold on the dark web
- Apple’s refusal to pay Kaspersky could be due to restrictions on financial transactions with companies in sanctioned countries like Russia.
It would still probably count as some sort of trade (even when delayed), which is what would violate the sanctions.
It could be argued that such delayed trade should be encouraged. Let Apple’s debt to Kaspersky build up, with interest, but it’ll only be paid once sanctions end which will only happen once pre-determined conditions are met. It’s basically an increasing incentive to change course in a way that will result in sanctions being lifted.
There are probably some pretty severe downsides to this approach though.