Re: Good on them!
> It doesn't mean there aren't any taking the latter route.
I expect them to be doing both!
Find and develop exploit, create malware package, as 'blackhat' sell malware package, wait for money to reach bank account, as 'whitehat' report exploit, wait for money to reach bank account...
So this method provides plenty of carrot to report exploits and a decent stick for software authors to take note and release fixes...