CERTCC / CERT-Guide-to-CVD

Content for the CERT Guide to Coordinated Vulnerability Disclosure
https://certcc.github.io/CERT-Guide-to-CVD/

Bug bounty terms can dissuade reporters from reporting vuls #4

Open ahouseholder opened 3 years ago

ahouseholder commented 3 years ago

Received from someone involved in CERT/CC's CVD service:

We're seeing reporters decline to report through bounty/VDPs that have terms the reporters don't like. 3-4 specific occurrences with us directly / recently. I quoted part of the guide to affected vendors but suggest a stronger "control is an illusion, focus on how badly you want the reports to come in" and related "bounty/VDP terms might dissuade reporting."