You understand the concept of doing something that doesn't bring direct monetary benefit?
reply
He makes a point, though: bug bounties exist to incentivize people to find and report bugs to a company. We talk about white, gray, and black hats, roughly based on their level of ethics. For black hats – and some gray hats – money is one of the big reasons they look for vulnerabilities.
reply
You understand the concept of zero days?

Companies should be better and, if not, criminally liable for their bad code.

reply
Ok? I agree with everything. What does that have to do with reporting exploits that don't have bounties?
reply
I don't think you thought this through.

Does this also apply to individual developers?

Should Linus Torvalds or the ffmpeg developers go to jail if they merge an RCE zero-day into the Linux kernel or into ffmpeg?

reply
gross negligence / honest mistake

If you cannot differentiate the two, :insert rude thing here:

reply
OK, so you agree that if Linus merges code due to gross negligence (for example, he was warned in an email that it contains an RCE, laughs it off, and still merges it), he should go to jail.

Glad you are consistent in your beliefs.

reply
In other words, bootlicking the corpo-authoritarians?
reply
You're actually protecting the people who use the software from getting pwned; companies are secondary beneficiaries.
reply