HackerOne has significantly reduced the rewards for its Internet Bug Bounty program, with medium-severity vulnerabilities now paying $297, down from $1,843. Critical vulnerabilities, which previously earned $9,250, now fetch $2,257, while high-severity bugs are rewarded with $1,009. This drastic reduction in payouts may deter security researchers from participating in the program, potentially leaving vulnerabilities unreported and unpatched. The changes affect not only new submissions but also existing ones, with some researchers receiving reduced payments for flaws they had already discovered and reported. A security researcher who found a medium-severity vulnerability months ago, for example, was finally paid, but at the new lower rate (The Register, 2026). This reduction in rewards matters to practitioners because it may lead to a decrease in the number of vulnerabilities being reported, ultimately compromising the security of software and systems.
HackerOne takes an axe to its bug bounty rewards
Why This Matters
The security researcher found a medium-severity vulnerability that previously paid $1,843.
References
- The Register. (2026, May 21). HackerOne takes an axe to its bug bounty rewards. *The Register*. https://www.theregister.com/security/2026/05/21/hackerone-takes-an-axe-to-its-bug-bounty-rewards/5244458