Seems similar to what Microsoft is doing lately:
replyhttps://www.cpomagazine.com/cyber-security/microsoft-doubles...
That's actually very common even with respected bug bounty programs. Communicating exploits to anyone else (let alone the general public) will at the very least make you ineligible for rewards.
replyIMO if you're participating in a BB program, you should abide by he rules set forth by the program.
replyIf you're not, then you don't have to.