There should exist a vulnerability disclosure intermediary. They can function as a barrier to protect the scientist/researcher/enthousiast and do everything by the book for the different countries.
Not to start an OS war, but there might be serious reasons to do banking with another OS.
+ How easy is it to see all the processes running on your machine?
+ Is it easy for you to limit the permissions of your browser?
+ Is it easy to monitor weird network activity?
+ Do you have some idea about the security standards of the software you use? This does not say that it needs to be open source, there might be other ways.
+ Do you have the right setup to receive security updates.
+ Do you restrict yourself to non-mainstream software to reduce the chance to be a target?
+ Do you consider read-only media at the time you do your banking?
There is a lot you can do without opening up your computer to a remote scan.