[collingreene]

I work at facebook on the bug bounty program, if you have an email, name or ticket id I can look into it for you.

There could be a few things going on here, maybe your bug was classified as low pri, maybe we misdiagnosed the bug.

Speculation but I would call into question your assertion that we fixed something based on your submission and then attempted to hide/delay it. We have not and would not do such a thing.

[chr13]

It may not be intentional but what about unintentional fixes ? What happens to bugs that were valid when posted but fixed (unintentionally) right after a release/code deployment.

[collingreene]

I need more information if you want me to look into this issue.

We have paid out on such issues before but there is no hard rule. In general we err on paying out if there is any question. We have paid out before when a submission wasn't a bug at all but lead us to some part of the code that we ourselves then found a security bug in.

It is in our best interest to payout whenever possible. More payouts = more submissions = more security bugs found and fixed.

[chr13]

I think the report number is 173358208.

[collingreene]

Cool, found it. Will respond in the email thread.

[chr13]

Thanks for the reply, that clears things up.

[stevoo]

for you yes ... for us no ! Can we know why you got no reply and no reward !