
The only way Apple could make them report the vulnerability is if the bounty was not far from the amount of profit that NSO is making with their software.


The comment is not suggesting that Apple make the vulnerability attractive to report for the NSO as an organization, but presumably attractive to report for whatever hackers the NSO may purchase vulnerabilities from - or individuals employed by the NSO.

In such a case, Apple "only" needs to make the bounty high enough to significantly exceed the sale price of the vuln, or the salary of aforementioned employees.


For those who have already sold a vuln to a criminal org like NSO once, I wonder whether they will switch to clean Apple. Perhaps they have a greater chance of being investigated, or not?


Yeah you're right. For some reason I was thinking only NSO had these zero-days, which is not possible.


> The only way Apple could make them report the vulnerability is if the bounty was not far from the amount of profit that NSO is making with their software.

At which point it becomes cheaper to buy a law to force disclosure of those 0 days to the vendor?



