Hey Sergio,
I have been in the vuln business for 6-7 years.
Encouraging people to test and get their results is exactly what we are after. I do believe that there are some very talented hackers already in this community and they are working hard on the future security of bitcoin, albeit in disparate groups and not seeking recognition. Bitcoin has survived some turbulent times already.
No, they won't do anything; this is one of the issues. They will take up to 2 weeks to review a submission.
There are so many issues in selling vulns, let alone buying them. But I will put more stuff up in the testing site. Just because I am not sure about the idea, it doesn't mean we shouldn't investigate the possibility of doing it. I have been wrong many times before.
I only picked on the ZDI because they will buy more or less anything (and I have submitted through them, not very often; I work more with pentest companies). See the links below for much more detail and other companies and what they pay.
I do think we need some kind of bounty/reward scheme, and we very much need discussion as to what sort and where/why it gets paid. I am really glad that you have signed up to the testing website, so we can work out what sort of incentives will work and how to get people testing.
You are very much the person the project needs and wants to attract.
This is exactly the kind of discussion that needs to happen for bitcoin to be able to progress to the next stage.
Here is some more info on the world of vuln sales. I hope you enjoy the read.
http://weis2007.econinfosec.org/papers/29.pdf - The hazardous path of vuln sales (I was involved with that paper)
Here are some links about selling exploits and who buys them for what money. The market has changed since this was done, but it is still valid. (The market never changes that much.)
http://unsecurityresearch.com/index.php?option=com_content&view=article&id=52&Itemid=57
This is a presentation written quite a while ago by Pedram Amini, one of the founding members of iDefense (owned by VeriSign) and TippingPoint/ZDI (owned by 3Com).
It is well worth the time to read it.
http://docs.google.com/present/view?id=dcc6wpsd_20ghbpjxcr