You offer this membership only to trustworthy members of the community who have interest in keeping their services and products secure such as RedHat, Google, Facebook, Oracle, Debian and so on. I think you can trust people in Google not to exploit vulnerability and not to sell it for bitcoins.
Unless critical vulnerability is exploited in the wild, it should first be disclosed to big Linux distributors so they can prepare patches and to companies responsible for critical Internet infrastructure so they can fix their system before telling general public. With this proposal you just charge companies who can afford it membership fees and provide this service for free to open source/non profits who could not afford it.
Unless critical vulnerability is exploited in the wild, it should first be disclosed to big Linux distributors so they can prepare patches and to companies responsible for critical Internet infrastructure so they can fix their system before telling general public. With this proposal you just charge companies who can afford it membership fees and provide this service for free to open source/non profits who could not afford it.