> I don't see anyone ... end their use of their products because of a new vulnerability,

Ok, so Microsoft isn't a great example, but just off the top of my head, give Mt. Gox or Ashley Madison a call, see how much they would have been willing to pay to get their hands on the bugs that wiped them out.
Every other week I read a responsible disclosure of some bug that could have wiped out or seriously damaged a business, and then in the footnotes it'll say they got a bounty of $2,000, or $10,000, or they broke some rule and the company decided to not pay out anything.

> yet again a US vulture that is quite happy to make a profit ... because capitalism trumps decency every time

Until bug bounties are competitive, these pig-dog-capitalist bug-brokerages that you despise will thrive. My point is that bug bounty programmes need to offer more. A lot more. This will also have the fantastic side-effect of compelling software producers to give much more of a shit about security. Maybe once bug bounty programmes start paying (what I would consider to be) reasonable rates, security would no longer be an afterthought, but a primary concern.