Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny.
Or the organization could, you know, hire a competent HR staff/recruiters that can hire competent security professionals to get that job done. Most bounty/reward programs as currently used are just another retread of exploitative spec work. It's a shame so many people still fall for these "do a lot of costly work for us and maybe you'll be the lucky one we pay" schemes. @"Mr William"
Researchers would like the publicity
Publication is a cornerstone of any good science. If they're not primarily interested in doing that, they shouldn't even be called "researchers", just mercenaries. If the companies aren't interested in that kind of transparency, they shouldn't be seeking "researchers" either.
I do IR for a faceless corporation that earnestly runs these programs to patch vulnerabilities and improve security.
So you're part of the problem. Tell them to pay to hire a proper security staff rather than expecting external agents to test your systems for free.
We want vendors to be more responsible, but the researchers also need to be more responsible.
Then hire the researchers into a position of responsibility. Until that happens, you really don't have much standing. If you don't like the ecosystem that your bug bounty program has created, it's up to you to fix yet another broken system you have created.