@tklengyel so your proposal is that when someone finds a severe security issue they should just stop using the service themselves then anonymously publish it publicly?
I suppose that is one way of doing things “fuck every company that won’t pay me for finding an issue”.
Though, overall, this would result in more vulnerabilities being exploited instead of fixed before they are exploited by bad actors