Sorry, I have some problems with this attitude of expecting a reward for each and every action that benefits other human beings. Whatever happened to altruism?
I don't think you understand, it's not about a reward; it's about having a clearly defined process to report security bugs that is inclusive of every kind of bug.
If you don't have that, people don't know if they are breaking the law by sending you a bug report, and they might not report the issues.
Most of the time, the bounty is not going to pay for my time anyway; I just do it for the fun of it, but it definitely says "security issues are welcome"
If you don't have that, people don't know if they are breaking the law by sending you a bug report, and they might not report the issues.
Most of the time, the bounty is not going to pay for my time anyway; I just do it for the fun of it, but it definitely says "security issues are welcome"