The bug bounty world is a funny one. I remember one complaining that their bug was dismissed and fixed after they signed an NDA, no payout, nothing. Another one got $100 instead of $5,000 because the company downgraded the severity from high to low. So they ended up with little or no money, and no recognition either. Not sure if these were edge cases, but it does make you wonder how fair the process really is.
tptacek|7 months ago
asadotzler|7 months ago
Mozilla's program, which has been around longer than most, doesn't. Google and Microsoft don't. Meta and Apple don't.
This is water carrying, intentional or not, for a terrible practice that should be shamed, so that it doesn't become standard.
pyman|7 months ago