I don't think I make this argument regularly and I wouldn't absolutely say that's the goal of the platforms themselves, but it's an effective outcome - in most cases participating in the program means accepting terms that say you won't disclose without permission, and if the vendor never grants permission you have the choice of disclosing (and potentially being kicked off the platform and also losing any safe harbor protections you had) or just saying nothing.
I am not a security person, and when I tried to report an vulnerability in the authentication signing in the QuickBooks Ruby gem, the process caused me to end up just saying nothing. Intuit pushed me to H1, and I did not feel comfortable with the H1 process, or that I had an advocate for a legal process that I was unfamiliar with.
