So instead of hanging out a shingle or a "Grand Opening" sign, Dino Dai Zovi, Alex Sotirov, and Charlie Miller came up with a novel way to promote their new businesses, with a "No More Free Bugs" sign. It is an interesting approach – it almost seems like they hold a grudge against software companies that have made their names for them – but I don't see how this is any different from what Matasano or NGS Security do, or even the previously free bugfinders who now work for Microsoft or Google.
At some point in our careers, it is common to be compensated for what we do, especially if we are good at it. No doubt, these guys are good at it.
There are some unknowns here – while Dino has said he won't try to extort money from software companies, it is not clear whether they will sell to third parties or not, and what their criteria will be. Assuming they pick the right customers (i.e. the "good guys"), I expect this will result in a net risk reduction, which is a good thing.
These types of activities are almost always better than the random, public bugfinding forays that increase risk for everybody. Give them an isolated target, limit the population, control the timeline, and risk reduction is likely.
Judging from what is publicly available about their work, I suspect they will do well.