by danudey 4311 days ago
> Yet ethical hackers looking to make a name for themselves would probably be far more willing to responsibly disclose vulnerabilities if money was on the table.

Here's a simple rule of thumb: if you only responsibly report vulnerabilities when they're going to pay you, and otherwise you just publish them to github for everyone to use, you're not an ethical hacker.

Troshichev frames it like 'it's not my fault I posted this exploit to the internet, there was no bounty in place to prevent it!' He could well have reported it to their security teams and been happy with having contributed to the world, but instead he not only discussed the bug publicly, but published a tool allowing people to easily exploit it.

There is no point of view here where Troshichev is any sort of ethical 'good guy'. This is extortion, a thug saying 'Oh, that's really too bad about your windshield. If only there was some way you could pay someone to keep this from happening again. Who knows how bad it could be next time.'