Apparently they are notorious for worming out of paying for legitimate bug bounty reports. They will refuse to pay you if at all possible and they have gotten really good at scamming security researchers and hackers into free work. IMO a lawsuit would be frivolous as they would likely spend more on their attorneys then paying the actual bounty just to make an example of the researcher and deter others from following suit. Stop reporting bugs to FB and just sell them for what they're actually worth instead of working for nothing.

Did this EXACT same shit to me for a CSRF bug where I was able to wipe and brick certain residental routers over their messaging system. They said it needed to be fixed in all the routers in the entire world by the manufacturers instead of incorporating appropriate CSRF filters in messages..... LMFAO, do not trust any bounty program from FB for any reason whatsoever!

Another Bug Bounty system from Facebook? Except they have been stealing from security researchers since the first bounty program was started by finding loop holes allowing them to not pay those bounties. They neglected to pay at least 2 legitimate bounties for bugs provided by myself stating that the bugs needed to be fixed in every router in the entire world instead of providing filters for it in their own messaging system which they eventually enabled without the bounty being issued. So essentially, they can make up a reason to not pay you and then fix it in the background and most people are none the wiser.

Its because students get out of college and think they're the shit and know it all which comes down to Dunning Kruger syndrome. Companies and Corporations aren't willing to invest in self taught life long IT professionals and hackers who have dedicated their entire life to learning security and technologies, but instead want the unskilled grads who have the paper without the experience!

That's definitely BS! Do not install Flash, there are multiple reasons it is being phased out, mainly because of security. Anyone who didn't have seem to have an issue with that is obviously incompetent. Follow This: https://pcicompliance.stanford...