While $200,000 is certainly a sizable reward — one of the
highest offered in corporate bug bounty programs — it won’t
beat the payouts researchers can earn from law enforcement or
the black market. The FBI reportedly paid nearly $1 million
for the exploit it used to break into an iPhone used by Syed
Farook, one of the individuals involved in the San Bernardino
shooting last December.
Interestingly, for altruistic / independently wealthy researchers there's an incentive to report to Apple:
In an unusual twist, Apple plans to encourage researchers to
donate their earnings to charity. If Apple approves of a
researcher’s selected institution, it will match their donation —
so a $200,000 reward could turn into a $400,000 donation.
Yea, I was just kidding. Also, selling the exploit to Apple is more of a guarantee than waiting around to see if the government needs it (assuming you want to stay legal).
http://www.reuters.com/article/us-apple-encryption-idUSKCN0X...