[K0nserv]

It's true that not all companies pay bug bounties and you might very well be right that paying them, especially if they are much lower than other companies that operate bug bounties, might have a worse affect on public opinion then not having bug bounties at all. To me it's still concerning that Facebook pays 10x more for problems that are less severe and it does still make LastPass look like they don't care as much in comparison.

[tptacek]

If this was a thread about a Facebook vulnerability, the exact same things would be said about Facebook. To verify for yourself, use the search box at the bottom of the page to find a thread about a Facebook bounty.