Hacker News
by yieldcrv 883 days ago
This seems to be airing a frustration that has moved beyond accuracy in the process. Companies offering bug bounties may have done the bare minimum at one point in time, but every production push they do changes that, and potentially reintroduces simple scannable vulnerabilities.

That's fair. We get numerous reports from script kiddies reporting "vulnerabilities" that aren't, because they don't understand the tool that they're running, or the output that it produces, or why it isn't relevant. It's possible that they catch a known issue, but the reality is that the majority have no idea what they're doing.