Those who find one outside of an SRD are encouraged to share it through the Apple Security Bounty, which is offering rewards. Meanwhile, vulnerabilities found with an SRD are automatically considered for reward through the Apple Security Bounty.
Read full article on SD Times