[dcminter]

Without feedback you don't know that the bug was fixed in reaction to your bug report. It might have been - but unless they explicitly invited bug reports in return for something then it's at worst bad manners not to acknowledge in that case. Debatably poor self-interest on their part as well.

As you note, the field has been damaged by bounty hunters. When the SNR drops low enough there's no point even reading the damn things and high-quality reports will be discarded along with the dross.

[leftcenterright]

> Without feedback you don't know that the bug was fixed in reaction to your bug report.

In this particular case, they did say they will consider a reward for a severe bug (it was severe, DNS hijack) and then once I shared details, the next day I checked, they had fixed it and never wrote back.

[cinntaile]

Next time you find a bug there you sell it to the highest bidder. Or maybe not you, but someone will do that. It's not really a winning strategy...

I did not know bug bounty had such a bad rep. Is this for reporting bugs outside of the bug bounty platforms?

[leftcenterright]

> Is this for reporting bugs outside of the bug bounty platforms?

Nah, in this case they simply had no official bug bounty program/platform.

I would guess that a big factor is mindset and tech culture across different companies or having a bad head of something who doesn't get the point of bug bounty / promoting responsible disclosure.