Comment by londons

My experience with big companies is even if the whole IT security team thinks this is worthy of a bounty, and the team has plenty of budget they could allocate to it, the process of giving money to an individual is frequently so difficult to get through the bureaucratic purchase order system that it's basically impossible to do unless you are contractually obliged to pay.