David Farrington on a trend that goes against the grain of security standards:
There is something of an unwritten rule in high technology that security bugs should be reported to the manufacturer before they are made public. That makes sense. Even Google’s famous team of bug researchers gives notice before they make a vulnerability or exploit public. Many technology companies even pay a bounty to hackers to find flaws so they can be fixed.
Cellebrite doesn’t want to give up the secrets that are at the very core of its value to law enforcement and forensics specialists, who want consistent access to iPhones, or any smartphone that potentially holds vital evidence… Give up any details, ones that Apple’s security technicians can latch onto to develop fixes, and the company risks kissing goodbye to its unique unlocking capabilities.
Translation: “We make money by hiding iPhone flaws“