Because you are not providing any service not selling anything. There is no real way as a company to withhold someone’s money and that it goes through accounting.
I am not an accountant so ask some accountants why not.
To participate in the bug bounty program, you must pay ACME Inc. $1 (one U.S. dollar) per submission. This payment is non-refundable as it covers our triage costs and bounty payment processing fees. You may submit a vulnerability without paying, but you will not be eligible for receiving any bounty payments under this program.
If your disclosure otherwise meets all of the guidelines of the program, but is not eligible for a bounty, we may, in our sole discretion, award you a bounty of $1.
Because you are not providing any service not selling anything. There is no real way as a company to withhold someone’s money and that it goes through accounting.
I am not an accountant so ask some accountants why not.
To participate in the bug bounty program, you must pay ACME Inc. $1 (one U.S. dollar) per submission. This payment is non-refundable as it covers our triage costs and bounty payment processing fees. You may submit a vulnerability without paying, but you will not be eligible for receiving any bounty payments under this program.
If your disclosure otherwise meets all of the guidelines of the program, but is not eligible for a bounty, we may, in our sole discretion, award you a bounty of $1.
it's not illegal to ask people to send you money and then keep the money they send you