Ellis pointed out that FCA isn't bound by the cap and that Bugcrowd's customers do regularly pay larger rewards than what's listed when researchers report high-impact or creative bugs.
The other reason FCA could be starting with a relatively low price for bugs is that it gives it some leeway to move, depending on the reports it gets.
"An interesting quirk of bug bounties is that it's easy to put the rewards up, but very difficult to being them down. We've seen many programs, both DIY and on other platforms, that have made the mistake of starting too high and then reducing their rewards when they've started to run out of budget," said Ellis.
In the end though, bug bounties are an open market; if researchers don't like what's on offer from one vendor, they're not obliged to participate.
Source: CSO Online
Sign up for MIS Asia eNewsletters.