Hacker News

> A reasonable claim like "I think this should be higher because XYZ" gets investigated and, if justified, higher bounties issued.

That's highly dependent on the individuals and the company doing the bounty. It's incredibly reasonable that people are suspicious of the process, when it is as opaque as it is, and with the disparity in negotiating power between the company and the person submitting the bug.

My personal experience is the FB bug bounty process has been generally positive, but inconsistent at times in the graded severity of issues and transparency of the decisions being made. I've clearly presented my case, and asked for additional information, but not gotten very far. My only real option in response is in how I allocate my time.

Having reports and payout amounts be permanently hidden results in stories like this being the only insight into the process.



