Right, and responder is saying in a competition for resources, pay less for non-mem corruption bugs, which should mean they aren't as hard to verify.
Is your point that all bugs soak up time to fix? If so pay the bounty and add it to the backlog. Or is it too much time to verify? That seems to be something you can kick back to the reporter.
Apologetics for a bug bounty program dragging their feet on a payout because "it's not a mem corruption bug" alone is unconvincing.
Is your point that all bugs soak up time to fix? If so pay the bounty and add it to the backlog. Or is it too much time to verify? That seems to be something you can kick back to the reporter.
Apologetics for a bug bounty program dragging their feet on a payout because "it's not a mem corruption bug" alone is unconvincing.