As a bug bounty hunter, I can attest to having an awful experience at times. The three companies I have worked with @ HackerOne have all taken forever to payout or fix bugs. Currently, I have been waiting 4 months to be paid by a company on HackerOne, for a pretty dang high impact bug that leaves all their customers vulnerable; I checked today, & they still haven't fixed it, let alone paid out.You also have to be aware of policy changes. I've noticed companies remove language that told how much they'd pay out. Some companies have a mandatory pay out of 7-14 days but they are rare; with everyone else, you just have to hope they pay you, and they do, I guess... whenever they feel like it.
No comments yet.