User blog comment:MisterWoodhouse/Introducing the Fandom Bug Bounty Program/@comment-168424-20190724170519/@comment-24006128-20190724172416

For the researchers participating in the program, we make the pay ranges for different vulnerabilities known and transparent on our Bugcrowd page. The pay ranges are determined by the severity of the vulnerability found, which is based on Bugcrowd's taxonomy rating system and is recommended first by the Bugcrowd security engineer. Researchers participating in the program know upfront exactly how much money they will receive if, for example, they find and report a stored XSS vulnerability.