by Sahhaese 2542 days ago
This is why I consider bug bounty programs problematic, because they've been co-opted from a system to manage responsible disclosure to a system to contain and manage non-disclosure.

Bug bounty programs can be great tools to help reward researchers, secure products and help align new and amateur researchers who may not have ever reported a bug before to standards.

But like all things, they can also be used to keep software insecure, hide issues, and instead buy off researchers.