- Kaspersky uncovered iOS vulnerabilities in ‘Operation Triangulation’, reported to Apple, but was refused bounty payment
- Apple’s Security Bounty Program offers rewards up to $1 million for discovering vulnerabilities to prevent them from being sold on the dark web
- Apple’s refusal to pay Kaspersky could be due to restrictions on financial transactions with companies in sanctioned countries like Russia.
How is holding the money until (and if) the sanctions are lifted, “circumventing”?
However unlikely it would be, if the sanctions are lifted (maybe Russia gets a new, sane Government, calls off its invasion, stops its international shenanigans), wouldn’t it be OK to pay this company then?
In many cases it’s doing business and not just the payment!/compansation that the sanctions is about.
It would still probably count as some sort of trade (even when delayed), which is what would violate the sanctions.
It could be argued that such delayed trade should be encouraged. Let Apple’s debt to Kaspersky build up, with interest, but it’ll only be paid once sanctions end which will only happen once pre-determined conditions are met. It’s basically an increasing incentive to change course in a way that will result in sanctions being lifted.
There are probably some pretty severe downsides to this approach though.
If the point of the embargo is to pressure affected parties to enact change on the governments policies, offering the reward after sanctions are lifted would be an added incentive.
It should be allowed or even encouraged to help the power of the sanctions.