Researchers seek cash for software flaws
For some security researchers who uncover flaws in leading computer programs, a nod of appreciation from software companies is no longer enough. Now they want money.
Critics say the purity of research is in jeopardy as discoveries are shopped around instead of submitted directly to software vendors so they can quickly develop a fix.
“I don’t like there being an incentive to turn this into a market,” said Bruce Schneier, chief technology officer for security company BT Counterpane. “Then you create incentives for the bad guys to start finding this stuff and selling it, and if the bad guys charge more, the good guys have to charge more.”
Some companies already have been offering payments for such information — hundreds or thousands of dollars depending on the severity of the flaw — and a Swiss-based auction site opened this month to encourage bidding for such knowledge.
Software vendors so far have refrained from purchasing the information themselves, reluctant to encourage extortion — researchers holding out or threatening to sell to criminals unless they get the right price.













