In November, Catalin Cimpanu reported that Russian researcher, Sergey Zelenyuk, had publicly disclosed a VirtualBox 0day instead of first disclosing the problem to Oracle or working through a bug bounty platform. Curious to see what Zelenyuk’s justification for his actions would be, I found that his explanation mirrored what others had been telling me about growing dissatisfaction with bug bounty programs. Zelenyuk said:

https://www.databreaches.net/growing-pains-as-hackerone-has-grown-is-it-harming-what-it-intended-to-help-part-1/