Slashdot Mirror


Informing a Company of a Security Discovery?

An anonymous reader asks: "I recently found a major security flaw through serendipitous independent research. I do not want to go into details, but it could be used against certain companies and have a large negative financial impact. However, I have no wish to use this for malicious purposes, and would rather profit by helping the company fix the problem. Seeing as many researchers have been persecuted/prosecuted lately for public disclosure, what is the best way to go about informing the company and agreeing on an appropriate fee for my services, without having it look as though I am trying to extort them?"

1 of 102 comments

  1. A lawyer is not a friend under any circumstances by Anonymous Coward · Score: 1, Interesting

    Lawyers are your friends in business deals.

    If lawyers gave legal advice and assumed liability when the advice they gave was inappropriate or failed to protect the client then you would have a point. They would be supplying a useful service.

    As things stand though, lawyers on both sides of an argument benefit from legal action but suffer no fallout from losses suffered through following their legal advice. That lack of necessary negative feedback is what makes them a pure shyster and snake oil profession, and never a friend under any circumstances.

    Avoid like the plague. Lawyers have destroyed what used to be a great nation.