Bug Bounty Hunting is an ever-changing ecosystem - what works in one season may not work in another. As such, and as with any discipline, being able to evaluate yourself and adjust your course when things stop working is imperative.
If you’ve been doing bug bounty for any time, either as a hunter or a program, you’ve doubtless heard complaints about CVSS scoring. The typical scenario looks something like this - a hacker files a report (likely with a laughably inflated CVSS score), sets the severity that they think the report is, and gets their expectations set on receiving $X; the triage service then validates the report, assigns a score using a CVSS calculator, and marks the report as Triaged (barring any back and forth around reproduction steps).