Ian Beer asked Cook to donate US$2.5 million to Amnesty International - roughly the amount that he would have earned from Apple's bug bounty program had he chosen to do so.
Beer made his comments during a presentation at the Black Hat 2018 conference in Las Vegas on Wednesday. He has found more than 30 bugs in iOS and presented the details of a number of them during his talk, a report in ThreatPost said.
He did not blame individual security researchers, but rather organisations who had people in charge of security with academic, rather than exploit, backgrounds.
“Please, we need to stop just spot-fixing bugs and learn from them, and act on that.”
Apple set up its bug bounty program two years ago, saying that all bug reports would be taken seriously and that it would consider paying rewards to those who were outside the program.
Beer's call to donate to Amnesty was because the organisation said recently that one of its staff has been targeted with powerful smartphone malware known as Pegasus which is sold by an Israel-based company NSO Group.
He said that Apple should lock down iOS because the victims of advanced persistent threats were increasingly users of iPhones.
“Targeted exploitation is more widespread than you think,” he said.
Beer said using bug fixes as a means of measuring a company's security credentials was flawed. Describing it as a security blanket that only offered the illusion of progress, he said one should understand the culture that led to the bugs and change that.