[bostik]

There's an important unstated property too, btw. OP reported an information disclosure bug in payment handling code. A bug in the core logic of what literally brings money in.

That kind of bug report is bound to get a very quick triage, followed by a very quick escalation.

But yes, even with that in mind: a 4-hour turnaround is damn impressive.

[jomkr]

I work at one of the other Big4 and to be honest it's not that impressive. This kind of report would be a high severity ticket, the person on-call for the given team would get paged, and wouldn't stop working/escalating until it got fixed.

Obviously not all companies behave this way, but they should!

[pbalau]

Then you need to push the new software to prod. 4h is impressive.