Hacker News

charlesabarnes, last Thursday at 8:00 PM (4 replies)

Supply and demand. Selling via grey markets is an option, but many white hats don't go that route due to risk. There's plenty of people that will also find vulnerabilities without any money attached.


Replies

zahlman, yesterday at 11:26 PM

> Selling via grey markets is an option, but many white hats don't go that route due to risk.

I would think that such a sale makes one inherently not "white hat".

Aachen, yesterday at 2:14 PM

Not sure what risk, but for me it would be morals.

I've rarely gotten bug bounty money and not even always a written thank-you, but it doesn't cross my mind to somehow seek out a malicious actor that wants to make use of what I found. Leave the place better than you found it and all that.

jijijijij, last Thursday at 9:34 PM

That's a limited view. The damage this could cause should be accounted for. People don't have to sell shit, they could fuck things up just for the fun of it. That's something to consider, especially with a bunch of teenagers. Now, these big corpos didn't take the chance to sponsor and encourage these kids' early careers and make this fuck-up good PR, at least.

tptacek, last Thursday at 8:31 PM

What "grey market" are you talking about? How specific can you be about it?
