Hacking/cracking deontology


Let's say you recently discovered some major vulnerabilities in a couple of websites that operate mainly in your country and are very powerful in their market. The vulnerabilities I'm talking about are as bad as letting me browse the admin interface with super admin privileges.

What would you do now? I'm thinking of something like:

  1. Report the problems to the company.
  2. Publicly announce that there are security holes in those applications, but without disclosing the actual exploit.
  3. Give the company time to fix its problems. (How much?)
  4. After the problem has been fixed, or the grace period for fixing has passed (whichever comes first), fully disclose the vulnerability.

What do you guys think? Do you have some materials to read about this or experience to share?


Solution

  • Talk. To. A. Lawyer.

    This could get sticky depending on the company. By saying "you have xx days to fix this before I announce the exploit", you are basically saying "do what I expect, or I will cause you lots of grief".

    The other issue is, how did you discover this? Were you using the site 'normally', or did you see the potential for the hole and decide to see if it worked? This is very important to keep in mind, especially if you are considering setting a time limit to fix the issue. I'm not sure what the laws say where you live, so please, talk to someone who does.

    You might end up with their thanks, some cash for entering into an NDA (you did, after all, browse the admin interface), and you might get some credit in the security industry. But be very, very careful, and do try to seek the advice of an attorney.