[eric_cc]

So you pay money to hire somebody to send a company a letter informing the company of the companies problem in hopes that maybe, just maybe, the company will reward the the firm a small sum of money and you will get a small amount back.

I think you have a winner on your hands.

[ithkuil]

I might be living in a country with very few banks (3). I may benefit from letting them know about a security issue, especially if because of that issue I could potentially go to jail

I may not have the option of changing bank because the others are even worse.

however I don't know how much I would pay for that. Probably some kind of class action would work.

[derefr]

They wouldn't be doing it for the money. The EFF would be a good example of a firm that could take this practice up.

[stingraycharles]

That's besides the point. It still costs money, and the company that's vulnerable is not the one paying it. A service like this would be time consuming (bogus reports, etc), and the EFF would still have to use money from donations to finance this.

The only thing I can think about is some security firm doing this, using the exposure as a marketing tool and establish them as an authority on the subject.