Urgently need help from experienced bug bounty ppl
I’ve just discovered major vulnerabilities in a small company with a large user base that expose a lot of very sensitive personal information.
I have emailed the company letting them know how bad it is and to contact me.
This is my first bug bounty and I care for the users’ privacy so number one priority is getting it fixed. That being said, I would appreciate getting paid as the severity is so high – if this information was to be leaked the company would basically cease to exist.
How should I go about this?
They don’t have a bug bounty program at all – as I said earlier, I’ve emailed them.
How do I come up with a figure ($) to ask for? Do I ask them after it’s fixed?
Any help is appreciated as I’m expecting a call back in the next few hours.