Well, in a case such as this: because they're putting other people's data/money at risk and should have payed somebody to discover flaws like this in the first place. It's not the law but maybe it should be.
Well, the users of the system should be able to recoup some of their costs for services (security) not rendered and then pay the researcher for that.
In a more well-coordinated society none of this would happen because the company would have avoided the predictable outcome by hiring a security person in the first place.
And if you can’t see out of your dirty windshield, you could cause an accident. If your neighbor’s door is unlocked all day, someone could break in and steal their TV.
I mean, why should I even need to apply for any job? McDonald’s always needs workers; do you think they’ll mind if I walk into the kitchen, start flipping burgers, and then name my hourly rate at the end of the day?
We were talking about "reasonable", which your reply seems to miss completely. Reasonable can mean a lot of things, including a predefined rate or a fixed way to calculate compensation owed.
