Long story short, a couple months back I found a vulnerability on PayPal and submitted my report to them (with evidence) via their Bug Bounty Program. A month goes by and I receive an email stating that my submission does not qualify for the program and I would not be receiving compensation for it. However, they immediately fixed the vulnerability I reported, lol. Fast forward to now and couple days ago I receive this email from them: In an effort to provide recognition to our research partners who have supported our security efforts, we are updating our Bug Bounty Wall of Fame to feature individuals like yourself who have made significant contributions over each quarter. We will refresh our listings on a quarterly basis to include both our top 10 researchers by quarter, as well as our honorable mention archive page for everyone that provided a valid submission over the course of our program. We would like to thank you for your efforts and congratulate you for being recognized in the first quarter of 2015. We would like to list your name and, if applicable, your credentials and the name of your organization, on our proposed Wall of Fame page which will be available in the coming months. In order to do so, we must have your consent. Please follow the instructions below and return to us at our eBay Inc Security email portal and return to us by 4/13/15. I thought it was interesting to see that they won't classify it as a vulnerability worth compensating me for yet are willing to include me in their 2015 Q1 Wall of Fame. Now don't get me wrong, I appreciate the offer to be recognized and will be submitting my name and website where I sell exploits/methods which may have an indirect value of getting more clients, but I'm confused why they elected to not offer compensation via the Bounty program but are willing to recognize me now. Have you guys heard of this type of contradiction before from companies offering bounties/rewards for something and then doing a quasi bait and switch by just giving you recognition for it? One would think if the information was valuable enough to be recognized for it via the Wall of Fame then why not be compensated like the program suggests? Anyway, curious to hear your thoughts. Thanks.