[rossmohax]

Intel now runs bug bounty program with up to $100k payouts (https://www.intel.com/content/www/us/en/security-center/bug-...), where one of the requirements is not to leak vulnerability details.

[cortesoft]

Isn't that a pretty standard bug bounty requirement? The idea is that you submit the bug to the company and they fix it before it is disclosed.

[throwawaymath]

It is standard in the sense that it's not uncommon. But about as frequently it's not a requirement. Many companies allow complete or partial vulnerability disclosure once resolution is complete. It's often on a case by case basis and requires approval.

[cortesoft]

Oh, I thought that was what you meant (until resolution).. didn't realize they block disclosure forever