Estimation

The report should instantly allow the program owner to determine the bounty amount without any speculative considerations. This can only happen if the researcher who has found the vulnerability has done justice to the vulnerability and not just talked about stuff in the air.