Xssposed has just created their own version of a bug bounty, however instead of limiting it to the company paying you it can be anyone and you can ask whatever you like. What does the community think of this type of approach? https://www.xssposed.org/about/
I’d like to see it tried legally (the “ask-for-payment” part).
hmmm… maybe a not bad 
Also, the bastards screw up my google alerts :<