“More than 9 in 10 cybersecurity researchers who find software vulnerabilities generally let the makers know and coordinate their disclosure, according to a new survey from a Commerce Department working group published Thursday.Only 1 in 6 (15 percent) expect any kind of reward, but nearly three-quarters (70 percent) expect to be engaged by the maker. It’s frustration around unmet communications expectations that’s most often the cause of unilateral disclosure, according to the survey report Vulnerability Disclosure Attitudes and Actions published by the National Telecommunications and Information Administration.”
Source: Hackers expect replies, not rewards, for finding bugs | Cyberscoop