Andy Zmolek of Avaya reports on VoIP security research company VoIPshield s new policy requiring vendors to pay for full details of bugs in their products. He quotes from a letter VoIPShield sent him: Effective immediately, we will no longer make voluntary disclosures of vulnerabilities to Avaya or any other vendor. Instead, the results of the vulnerability research performed by VoIP shield Labs, including technical descriptions, exploit code and other elements necessary to recreate and test the vulnerabilities in your lab, is available.
Source: https://threatpost.com/there-value-paying-vulnerabilities-071009/72905/