Question of ethics
We know that FB sold information to Cambridge Analytica which was used to target citizens in various elections around the globe. Both FB and CA made a ton of money. FB was also the platform of choice for Russian trolls. So FB made money from them.
I KNOW I will never do this but as a security professional, I can see an immoral person justifying selling an FB 0 day to a foreign agency and keeping the money for himself. This is a very slippery slope.
Companies are making a ton of money writing bad software and not following SDLC. Shouldn't they be to blame? I can see occasional mistakes slipping through the cracks but a whole slew of them? Every day I hear of Flash 0 days. What is up with that? And they are still making money?