In that the people who found them reported them to the person who made the software with no intention of ever getting paid for them, thinking that they were doing a service.
When they realized that some people (cough.... Microsoft) wouldn't fix the bugs unless they put them out into the wild where they could be used for malicious purposes or were told "Hey, I'm going to make this thing well known in X days, get off your butt and fix it!"......... they realized that "Why am I doing this just for the 'good of the community' when these businesses don't have the good of the community in mind? No, I'm going to try and get PAID for these things, either by selling the vulnerabilities or by charging the business in question for the details, which since they had to pay for the details, makes them more likely to push out a fix!"
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
