you understand the concept of zero days ?
companies should be better and if not, criminally liable for their bad code.
I don't think you thought this through.
does this also apply to individual developers?
should Linux Torvalds or the ffmpeg developers go to jail if they merge a RCE zero-day into the Linux kernel or into ffmpeg?
Ok? I agree with everything. What does that have to do with reporting exploits that don't have bounties?