> So far, for the vulnerabilities I have reported to Google, ASUS, AMD, TP-Link, Netgear, MSI (and more), they have paid out a total of $0 in bug bounties.
Why bother reporting to them ?
You could just as well sell it to third parties if it doesn't interest them.
You understand the concept of doing something that doesn't bring direct monetary benefit?