> Saying “look at me, I never ask for money” is so immature and privileged
If I find a vulnerability in your website, I'll disclose it publicly in 90 days, and I want $$$$ to disclose it to you early, that sounds extremely close to me blackmailing you for protection money.
Whereupon you might well decide, instead of paying, that you'll go to the cops and try to get me arrested for blackmail/hacking.
To me, a policy of never asking for money isn't "privilege", it's common sense.
It’s a symptom of a broken industry, you didn’t disprove a thing except telling us all you didn’t know what symptom was referring to
I intentionally didn’t offer solutions as that’s not necessary to point out that there is a different problem where trying to shame everyone into compliance is a dumb approach
If I find a vulnerability in your website, I'll disclose it publicly in 90 days, and I want $$$$ to disclose it to you early, that sounds extremely close to me blackmailing you for protection money.
Whereupon you might well decide, instead of paying, that you'll go to the cops and try to get me arrested for blackmail/hacking.
To me, a policy of never asking for money isn't "privilege", it's common sense.