Comment by dust-jacket
4 hours ago
I don't feel like its hard to come up with examples where (I would say) its ethically wrong to disclose immediately. If you spotted a company's mistake that might endanger their user's lives or safety, would you put those users at risk simply because there was no obvious financial reward?
If so, I guess we just have different opinions on the ethics involved here.
If you are talking about some open source project then I would fully agree.
But when it comes to money making corporations then personally I dont agree that revealing flaws in their product comes into ethics at all.
A companies paid product is flawed, their own paid engineers didnt figure that out, why should I do it for free becasue 'ethics'?
This is the entire reason bug bounty programs exist in the first place.