Coordinated vulnerability disclosure

[1] Hackers and computer security scientists hold that it is their social responsibility to make the public aware of vulnerabilities.

Depending on the potential impact of the vulnerability, the expected time needed for an emergency fix or workaround to be developed and applied, and other factors, this period may vary between a few days and several months.

Coordinated vulnerability disclosure may fail to satisfy security researchers who expect to be financially compensated.

Between March 2003 and December 2007, an average of 7.5% of the vulnerabilities affecting Microsoft and Apple were processed by either VCP or ZDI.

[5] Independent firms financially supporting coordinated vulnerability disclosure by paying bug bounties include Facebook, Google, and Barracuda Networks.