I feel that companies like Microsoft have forgotten that bug bounties and ethical reporting are the compromise where they agree to pay a fair amount for the bugs and are given time to fix them and the security researcher forgoes the 10x price they could get on the black market.
Given the rise in mercenary hacking/spyware corporations, the bug researchers could probably get way more money through those alternate, and still legal, channels.
So I hear.