Say you find a wallet in the street. You would expect the owner to give you 10% of the money inside as a finder's fee after you returned it. That's the law in a lot of places. It's not unreasonable to expect a finder's fee for security bugs as well.
The trick is agreeing on a fair price. In the end you're paying for the information and the secrecy. So probably it should be a per-day fee until the bug is fixed and a lump sum at the end.
I probably wouldn't take any money for returning a wallet, but I paid it happily the last time someone found mine.