You should give a 90 day window so you don't become an enabler of crime.
The bug bounty is there to incite you to look for bugs at all. If there isn't a bug bounty program, or you don't think it will pay out, then don't go looking for bugs.
If you find a bug anyway, and want to do the right thing, then you responsibly disclose it (whether you get paid or not). If you don't want to do the right thing, then you just ignore the bug and don't publish it.
If you publish the bug without giving the company 90 days first, then you are harming all the innocent people who are using that product (by telling criminals exactly how to exploit an unfixed bug). That is an evil thing to do. In some places, lawsuits might fly your way because of something like that.