I reported 10 valid bugs including SQL Injection and account takeover to a company running a public bug bounty program. Initially, they acknowledged the reports and later fixed all the issues. But instead of rewarding or crediting me, they gave excuses and rejected them. Shortly after, they shut down their bug bounty program entirely.
There’s no official body to protect bug hunters in such cases.
If there is someone who can help me with this situation, please reply.