For years, software makers have benefited from the work done by the community of security researchers who spend days or weeks looking for vulnerabilities. This work is virtually always done pro bono by researchers who either have day jobs and do their research as a sideline or by experts at security companies who do the work as a way to promote their research teams. But now, several high-profile bug finders are trying to put an end to this practice. They were talking up their no more free bugs mantra at the CanSecWest conference last week.
Source: https://threatpost.com/no-more-free-bugs-software-vendors-032309/72484/