
I'd care a lot more if Adobe, et al., weren't repeatedly screwing up. A couple million dollar bounties and forcing them to pay to internalize their negative externalities will help create the proper internal focus on shipping secure software. Reputation doesn't show up as a line-item.

And if a security dev resells, who cares? The company still got the 0-day and still gets it fixed asap. It's far better than our current situation where these can persist for years.


