Two to three hours discovering and writing the initial report, couple more hours (unsuccessfully) trying to escalate it using pre-approved apps.
>I think $5,000 is a joke
This is still $5,000 more than I would get reporting a similar bug to 99.999% of companies, and I am OK with the bounty.
Here is good comment on the topic of bug bounty rewards:
https://news.ycombinator.com/item?id=11249173
Two to three hours discovering and writing the initial report, couple more hours (unsuccessfully) trying to escalate it using pre-approved apps.
>I think $5,000 is a joke
This is still $5,000 more than I would get reporting a similar bug to 99.999% of companies, and I am OK with the bounty. Here is good comment on the topic of bug bounty rewards: https://news.ycombinator.com/item?id=11249173