The crowd erupted in enthusiastic applause. But almost a year later, the long-awaited program appears to be struggling to take off, with no public evidence that hackers have claimed any bug bounties.

"I wanna share some news with you," Krstic said at the Black Hat conference, before announcing that Apple was finally launching a bug bounty program to reward friendly hackers who report bugs to the company.

In August 2016, Apple's head of security Ivan Krstic stole the show at one of the biggest security conferences in the world with an unexpected announcement .

The iPhone's security is so tight that it's hard to find any flaws at all, which leads to sky-high prices for bugs on the grey market. Researchers I spoke to are reluctant to report bugs both because they are so valuable and because reporting some bugs may actually prevent them from doing more research.

"People can get more cash if they sell their bugs to others," said Nikias Bassen, a security researcher for the company Zimperium, and who joined Apple's program last year. "If you're just doing it for the money, you're not going to give [bugs] to Apple directly."

Patrick Wardle, a former NSA hacker and researcher at Synack who now specializes in MacOS research and was invited to the Apple bug bounty program, agreed. He said that iOS bugs are "too valuable to report to Apple."

"If you're just doing it for the money, you're not going to give [bugs] to Apple directly."

In addition to Wardle and Bassen, I spoke to eight bug hunters in the program after granting them the condition of anonymity, which they requested to talk freely about the confidential details of the program. All of them said they have yet to report a bug to Apple, and none of them know of anyone who has. Apple declined to comment for this story.

In September 2016, Apple flew Wardle, prominent iPhone jailbreaker Luca Todesco, and a small, select, group of white-hat hackers to its Cupertino headquarters.

During their stay, Apple pitched the researchers on collaborating with the company by joining the bug bounty program. Apple security employees gave presentations, took the researchers out for dinner, and gave them a chance to chat and discuss their work. Even Craig Federighi, Apple's senior vice president of software engineering, made a surprise appearance to meet and greet the researchers, according to two sources who attended.

This was a big shift, as security researchers and experts had long complained that Apple was the last major holdout among tech giants without a bug bounty program. Microsoft, Google, Facebook, and countless other smaller companies have had programs for years, dishing out sometimes lucrative rewards to independent hackers who choose to report vulnerabilities instead of using them for nefarious purposes.