Bug bounty platform providers allow vendors to silence cybersecurity researchers without ever fixing the vulnerabilities they find. A code of ethics is needed to discourage the hiding of bugs and, instead, encourage finding and fixing them.