Hack into Google, Facebook, or Microsoft products and one can reap "bug bounties" that those companies pay to unearth their own flaws. But Apple doesn't pony up for such detective work, which is why security experts say they're not shocked an outside party—Reuters notes an Israeli paper has pointed to Israeli forensic software firm Cellebrite—has gone to the FBI claiming to know how to hack the iPhone of San Bernardino shooter Syed Farook, the New York Times reports. Instead of paying hackers, Apple at most offers online kudos—an approach some say needs to change. "Especially with the stakes being as high as they are, if Apple wants to continue to compete in the modern world, they have to modernize their approach," says an official at a company that runs bounty programs. Apple has shied away from what the Times calls a "financial arms race," instead relying on inside testing and its own security team to find bugs.
Who is willing to shell out cash for insight into Apple design flaws: what the Times calls an "underground ecosystem of brokers and contractors" motivated to uncover Apple flaws to basically cash a "blank check" with the government in cases like San Bernardino. In fact, some security insiders say it's too late for Apple to make up lost ground with bug bounties. "It's never going to be able to compete with what is going on behind the scenes in the black market," a co-founder of one hacker-friendly company says. Meanwhile, former Apple CEO John Sculley tells CNBC he thinks that current CEO Tim Cook "has done an exemplary job of leadership," and that the FBI going with a third party to bust Apple's encryption would be "fair." (CBS News documents different options the FBI might be looking at to crack the code.)