[notinmykernel]

IMO, it's a personal philosophy. Similar to why hackers choose to report vulnerabilities to bug bounties vs. release findings on sites like Hack Forums.

We all know companies are predatory, and in many cases companies (looking right at you Google and Microsoft) continue to refuse to pay people for discovering, documenting and reporting high-severity vulnerabilities. That doesn't mean we as individuals forfeit our principles and become just as corrupt as the "faceless corporate entities."

[grishka]

For vulnerabilities I can at least understand that — most of them can be used nefariously, and you also get a shitton of money if you report it. Publishing some company's trade secrets, though, would only hurt their bottom line, which isn't necessarily even a bad thing for a company that has orders of magnitude more money than it knows what to do with.